10

Azure has different privacy agreements set up with different datacenters as mentioned in this footnote

Azure is now available in China through a unique partnership between Microsoft and 21Vianet, one of the country’s largest Internet providers. (https://www.azure.cn/)

In Germany, Azure will be available via a new data trustee model whereby customer data remains in Germany under control of T-Systems, a Deutsche Telekom company, acting as the German data trustee.

In addition there are presumably different regulations for hosting in a UK based datacenter vs one in the US

Question

  • What are the privacy differences with Azure trustee delegates in China, Germany, and the GA offering?

  • Would it ever make sense for a US based person to leverage a German (or other) datacenter for production use?

  • Should I assume the lowest common denominator of privacy when two different datacenters interact with each other?

  • What would guide a US based person to opt in, or opt out of a given datacenter?

Community
  • 1
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
  • 1
    @LamonteCristo I found this https://www.rt.com/usa/177104-microsoft-preska-ireland-server/ which is directly in conflict with Germany's laws https://www.dataprivacymonitor.com/enforcement/german-data-protection-authorities-limit-use-of-alternative-data-transfer-mechanisms-in-light-of-safe-harbor-decision/ . I'm too lazy to verify the sources, hope it helps. – JOW Apr 23 '17 at 16:51

1 Answers1

1

Specifically for the German one, Microsoft is an American company, therefore subject to American laws. Among many other things, such laws include the possibility to request information from an American company stored on their systems, whether or not those systems are on American soil.

I'll not go into all the details, suffice it to say that the way such information is requested and retrieved (e.g. without judicial oversight or informing the person the data concerns) often clashes with European privacy laws. Within the EU, Germany has some of the toughest privacy laws.

So the idea is that although it's still full Azure with everything you might expect, in the background it is not Microsoft operating the datacenter but the local German partner which means the data in the data center is not subject American laws.

I imagine the same applies to other regions as well, China has data localization laws for example.

For a US person, it might be useful to use one of these data center if you are processing personal data of EU residents, to ensure you comply with EU privacy laws or simply inspire trust towards your EU clients.

From a privacy law perspective, you should indeed assume the lowest common denominator.

Opting in or out of a given data center: business or legal requirements I would say.

user3244085
  • 1,173
  • 6
  • 13