Microsoft today announced that it is updating the privacy provisions in the Microsoft Online Services Terms (OST) for commercial cloud customers. Microsoft worked with the Dutch Ministry of Justice and Security (Dutch MoJ) to implement this change and Microsoft believes that the change will bring more transparency for customers over data processed in the Microsoft cloud. Microsoft also announced that this OST change will be coming to all its commercial customers globally – public sector and private sector, large enterprises and small and medium businesses.
In the OST update, Microsoft has made the following changes:
- Microsoft will clarify that Microsoft assumes the role of data controller when it process data for specified administrative and operational purposes incident to providing the cloud services covered by this contractual framework, such as Azure, Office 365, Dynamics and Intune. This subset of data processing serves administrative or operational purposes such as account management; financial reporting; combatting cyberattacks on any Microsoft product or service; and complying with our legal obligations.
- The change to assert Microsoft as the controller for this specific set of data uses will serve our customers by providing further clarity about how we use data, and about our commitment to be accountable under GDPR to ensure that the data is handled in a compliant way.
- Meanwhile, Microsoft will remain the data processor for providing the services, improving and addressing bugs or other issues related to the service, ensuring security of the services, and keeping the services up to date.
“We remain committed to listening closely to our customers’ needs and concerns regarding privacy. Whenever customer questions arise, we stand ready to focus our engineering, legal and business resources on implementing measures that our customers require. At Microsoft, this is part of our mission to empower every individual and organization on the planet to achieve more,” wrote Julie Brill, Corporate Vice President for Global Privacy and Regulatory Affairs and Chief Privacy Officer, Microsoft.
Microsoft has already started the work to adopt the updated OST and it will bring it to all public sector and enterprise customers globally at the beginning of 2020.