Microsoft vowed to challenge all government requests to access its customers’ information in an effort to address increasing European Union scrutiny on the security of data sent to the US.
The software giant will also compensate users whose information is inappropriately disclosed to government agencies, Microsoft Chief Privacy Officer Julie Brill said in a blog post on Thursday.
Microsoft is one of a number of big tech companies working to continue to legally send data to the US after a landmark EU court judgment in July overturned the primary system used to move information from Europe to the US, called Privacy Shield. The judges based the decision on concerns that user information was unsafe from prying by American intelligence services.
Companies transferring data to the US using “contractual clauses” -- one of the few legal methods remaining -- now have to implement extra privacy measures, such as encryption. If companies or regulators deem that customer data is unsafe in the US or any other destination, they may suspend those transfers altogether.
“We believe the new steps we’re announcing today go beyond the law,” Brill said, adding the legal challenges to law enforcement requests would pertain to all governments, not just the US.
“We hope these additional steps will give our customers added confidence about their data.”
The European Data Protection Board, a body of EU data watchdogs, last week issued guidance to help companies identify if they need to implement extra measures before transferring their data, such as swapping identifying information with pseudonyms.
Microsoft’s measures announced Thursday come in addition to other commitments the company already builds into contracts it signs with customers, including pledges to encrypt data in transit and at rest, and to comply with legal government demands for data only if they are clearly compelled to do so.