By Julie Brill, Corporate Vice President and Deputy General Counsel, Microsoft
At Microsoft, we strive to listen to our customers and address their questions and feedback, because one of our foundational principles is to help our customers succeed. Last year we received questions from one of our public sector customers, the Dutch Central Government’s Strategic Vendor Manager department for Microsoft, which is part of the Ministry of Justice and Security (Dutch MOJ), about how personal and customer data are handled by Office 365 ProPlus. In response to our discussions with the Dutch MOJ and other customers about these questions, Microsoft announced new privacy tools across our major services as well as specific changes to Office 365 ProPlus. These changes further increase transparency and customer control over all data processing by Microsoft on behalf of our customers.
On Monday (1 July 2019), in a letter to the House of Representatives of the Dutch Parliament, the Netherlands’ Minister of Justice and Security and Minister of the Interior and Kingdom Relations indicated that after discussions with Microsoft, conditions have been met for the use of Office 365 ProPlus, Windows 10 Enterprise, and Azure by the Dutch Central Government. In their letter, the Ministers state that Microsoft addressed initial concerns over how Microsoft handles personal and customer data through contractual provisions as well as product changes that have been recently released.
We appreciate the efforts of the Dutch MoJ to examine the documentation and controls we offer and to push us to do more. We continue to learn from customers like the Dutch MOJ, and believe our products are improved by customer engagement. By continuously reevaluating our approach and collaborating with customers to understand their privacy needs, we can deliver products and services that go above and beyond the law, and better meet the needs of all our customers.
Microsoft is committed to making sure that our products and services are always designed to meet all requirements under the European Union’s General Data Protection Regulation. However, we recognize that maintaining compliance with privacy regulations such as GDPR is a journey for everyone. It requires continuous effort as legal interpretations evolve, opinions from regulators become available, and technologies change. We will continue to make significant investments to redesign our tools, systems and processes to meet these evolving requirements. One of the many benefits of our cloud services is that we can rapidly make these improvements available to all customers.
As our CEO Satya Nadella recently said, GDPR is a fantastic start to treating privacy as a human right and can set the right global standard. Embracing comprehensive privacy regulations such as GDPR is deeply ingrained in the culture at Microsoft and embedded in the processes and practices that are at the heart of how we build and deliver products and services.
Whether complying with the law or addressing a customer concern, we will always invest in developing privacy-enhancing features that help organizations thrive, and earn the trust of those we are fortunate to call our customers.