Comment | Press release

Microsoft’s 2022 EU Data Boundary is a bold smokescreen

Microsoft has announced a plan called EU Data Boundary to largely process data from European companies and administrations on servers in the EU. This proposal misses the real core problem, argues ownCloud CEO Tobias Gerlinger.

By Tobias Gerlinger

Illustration: With EU Data Boundary, Microsoft proposes a shan solution to its regulatory problems after the demise of the EU US privacy shield

Last week, Microsoft announced the EU Data Boundary project to offer EU companies and governments with a comprehensive range of cloud services located in the EU by the end of 2022.

EU Data Boundary fails to keep out US government agencies

As commendable this proposal sounds, storage location was never the problem. Rather, US companies are required by the US Cloud Act to give their government and intelligence agencies access to customers’ data upon request, regardless of where exactly they host it. If companies refuse access, they are in violation of US law. So those promises from US companies fail to convince in the face of US legislation that is plainly incompatible with EU law.

The announcement of the “EU Data Boundary” program also gives the impression that Microsoft wants to position itself for the European Gaia-X cloud infrastructure program. All while admitting that it only wants to minimize, not stop, the transfer of user and customer data to the US. Oh, and this will not happen until the end of 2022. But after the demise of Privacy Shield, there is no legal basis whatsoever for even minimal transfers of sensitive into the US. But even if the flow of data to the US were to dry up completely, in the end it always comes down to the same thing: US companies are subject to US legislation. But participation in Gaia-X requires each member to adhere completely to the European rules of the game.

Therefore, we ask the Gaia-X association to consistently and unwaveringly insist on compliance with EU law. One possible solution could be for US providers to participate in Gaia-X through a trustee model to effectively bypass US surveillance laws such as the Cloud Act, and thus provide the necessary data sovereignty.


Tobias Gerlinger, CEO ownCloud

Tobias Gerlinger, CEO ownCloud

Tobias Gerlinger

May 11, 2021

Ready to see what’s next?

Having trouble viewing or submitting this form?

Contact Us

We care about protecting your data. Here’s our Privacy Policy.

Read now: