As is known, the ECJ has ruled in the Schrems II judgment the Privacy Shield – the European, but in effect, the also the swiss – and last week the EDSA issued draft (quite questionable) guidelines on it published. Now that the EU Commission has also new standard contractual clauses has presented, also as a draft, the complexity of the issue of foreign transfers has reached a level that companies (and authorities!) can hardly cope with. Companies will therefore increasingly request support from the major US providers.
Microsoft is now, as far as can be seen, the first of these providers to have explicitly and publicly commented on Schrems II. On November 19, 2020, Microsoft released a statement through Julie Brill, the highly respected head of privacy at Microsoft (“New Steps to Defend Your Data.”). Microsoft assures therein,
- Challenge all access to customer data at Microsoft by all government agencies (whether government or private)., to the extent permitted by applicable law, and
- in the event of disclosure of customer data, the customers concerned financially compensate.
Microsoft holds out the prospect of including corresponding commitments in their contracts with immediate effect – whether also in existing contracts or only in newly concluded contracts remains open, which rather points to the former.
In doing so, Microsoft is helping to reduce the Schrems II risks of its customers, who must continue to assess these risks.