DarĂĽber sollte Heise mal berichten.
Microsoft admits no guarantee of sovereignty for UK policing data
Documents show Microsoft’s lawyers admitted to Scottish policing bodies that the company cannot guarantee sensitive law enforcement data will remain in the UK, despite long-standing public claims to the contraryMicrosoft has admitted to Scottish policing bodies that it cannot guarantee the sovereignty of UK policing data hosted on its hyperscale public cloud infrastructure, despite its systems being deployed throughout the criminal justice sector.
According to correspondence released by the Scottish Police Authority (SPA) under freedom of information (FOI) rules, Microsoft is unable to guarantee that data uploaded to a key Police Scotland IT system – the Digital Evidence Sharing Capability (DESC) – will remain in the UK as required by law.
While the correspondence has not been released in full, the disclosure reveals that data hosted in Microsoft’s hyperscale public cloud infrastructure is regularly transferred and processed overseas; that the data processing agreement in place for the DESC did not cover UK-specific data protection requirements; and that while the company has the ability to make technical changes to ensure data protection compliance, it is only making these changes for DESC partners and not other policing bodies because “no one else had asked”.
The correspondence also contains acknowledgements from Microsoft that international data transfers are inherent to its public cloud architecture. As a result, the issues identified with the Scottish Police will equally apply to all UK government users, many of whom face similar regulatory limitations on the offshoring of data.
https://www.computerweekly.com/news/366589152/Microsoft-admits-no-guarantee-of-sovereignty-for-UK-policing-data
Originale hier ohne Paywall:
https://www.spa.police.uk/spa-media/ug4fhi44/let-20240326-foi-response-2023-24-104_redacted.pdf
https://www.whatdotheyknow.com/r/31bb2b55-1476-48e0-affc-cd1cfdd3ba12/response/2647585/attach/3/LET%2020240506%20FOI%20Response%202024%2025%20006.pdf
Zitat Seite 2:
Microsoft 365 – Microsoft have advised that they cannot guarantee data sovereignty for M365.
Heise könnte mal recherchieren, was das für Unternehmen und Behörden in der EU und im DACH-Raum bedeutet.