Mastodawn

Microsoft marketing: “Your data stays in Europe.”

Microsoft’s Legal Director (under oath, in French Parliament): “No, I cannot guarantee that.”

Still think Microsoft Teams is a sovereign solution?

Credit @ponceto91 for the meme

https://x.com/wire/status/1944851027381117019

EDIT: The statement was made by Anton Carniaux of MS France and can be read at page 23 of https://www.senat.fr/fileadmin/cru-1750816532/Structures_temporaires/commissions_d_enquete/CE_Commande_publique/r24-830-11.pdf#page=23

Thx @Linkshaender!

#microsoft #DataPrivacy #DigitalSovereignty #europe

Show thread

Sebastian Kübeck Jul 19, 2025

@Linkshaender

The Swiss IT Magazine is catching up

"Microsoft says it is creating a sovereign cloud for Europe to address data protection concerns on the old continent. However, a Microsoft executive has now confirmed under oath: It is impossible to guarantee that no data will be shared with US authorities."

https://www.itmagazine.ch/artikel/85137/Unter_Eid_Microsoft_kann_Schutz_vor_Cloud_Act_nicht_garantieren.html

Unter Eid: Microsoft kann Schutz vor Cloud Act nicht garantieren

Microsoft schafft laut eigener Aussage eine souveräne Cloud für Europa, um die Datenschutzbedenken auf dem alten Kontinent zu adressieren. Ein Microsoft-Manager hat nun aber unter Eid bestätigt: Eine Garantie, dass keine Daten an US-Behörden weiteregegeben werden, ist nicht möglich.

Swiss IT Media GmbH

Show thread

Sebastian Kübeck Jul 21, 2025

@Linkshaender

From Heise Online:

No guarantees: Microsoft must transfer EU data to the USA

"Hyperscalers such as Amazon are setting up new subsidiaries in Europe that promise independence from the US parent company.

Technically, a transfer of data is not possible at all, is the promise of AWS. Microsoft, on the other hand, wants to install the cloud infrastructure directly at the customer's site so that services such as M365 remain completely under their control.

The maintenance of the systems will continue to be carried out by Microsoft, but by local employees. However, it is questionable how successful these promises of sovereignty are: Providers such as Nextcloud have been experiencing significantly higher demand since the beginning of the year."

https://www.heise.de/news/Nicht-souveraen-Microsoft-kann-Sicherheit-von-EU-Daten-nicht-garantieren-10494684.html

Keine Garantien: Microsoft muss EU-Daten an USA übermitteln

In einer Anhörung musste der Chefjustiziar von Microsoft France zugeben: Es gibt keine Garantie, dass EU-Daten vor einer Übermittlung in die USA sicher sind.

heise online

Show thread

Florian Norbisrath Jul 16, 2025

@skuebeck i guess i missed out about this news, do you have ressources for the statement?

Show thread

Sebastian Kübeck Jul 16, 2025

@greyscaleapple

Thx. See updated post.

Show thread

Armin Hanisch Jul 16, 2025

@skuebeck @koehntopp A source would have been nice instead of just pasting an X post and a funny meme. It’s really not that hard. 🙄

The statement was made by Anton Carniaux of MS France and can be read at page 23 of https://www.senat.fr/fileadmin/cru-1750816532/Structures_temporaires/commissions_d_enquete/CE_Commande_publique/r24-830-11.pdf?trk=comments_comments-list_comment-text

Show thread

Sebastian Kübeck Jul 16, 2025

@Linkshaender @koehntopp

Don't complain, contribute! Thx anyway!

Show thread

Walter van Holst Jul 17, 2025

@Linkshaender @skuebeck @koehntopp That is also a quote and it is not clear from the Senate document when and where it was said. Do we have a date and a name of the committee in which it was said? This is relevant to my interests....

Show thread

Erik Ableson Jul 16, 2025

@skuebeck @Linkshaender I'm wading through the rest of the interviews in that session and it makes for some fascinating reading

Show thread

__Miguel_Jul 16, 2025

@skuebeck I think I should add that the complete translation of what was asked was not just "all data from French people stays in Europe", but something along the lines of "Can you guarantee the data from French citizens will never be handed over to foreign authorities without French authorities agreeing to it?".

The answer to that question MUST be "no", because regardless of where MS's data is, they're bound by the draconian US laws, at least one of which allows judges to request ANY data from ANYONE under US jurisdiction, while simultaneously blocking them from even telling anyone else they even received such a request, let alone its contents, or the data that was shared.

Still a VERY valid reason to drop MS like a bad habit, though, because while the data might stay in the EU, the US can still get it regardless.

Show thread

David Jul 17, 2025

@nanianmichaels @skuebeck You're right that geographic data residency on its own is insufficient, and there is a potential solution to this: The EU would need to require the formation of a EU-headquartered company—say, Microsoft Europe—which is not a subsidiary of Microsoft, which has only EU citizen and resident officers and controlling owners, and which is bound to Microsoft [US] through contracts, shared source code, irrevocably license agreements, and cryptographic keys, such that Microsoft [US] has no legal, organizational, or technological means to cause Microsoft Europe to violate EU or member state law.

A similar principle could require a Google Europe, or a Microsoft Canada, with the same constraints. The non-US company can be a minimal structure—just enough to administer the hardware—but its existence, with a sufficiently separated legal and technical structures, provides a check against the US government trying to throw its weight around outside its own jurisdiction.

Show thread

Antonio J. Delgado❤️🧡💛💚💙💜Jul 16, 2025

@skuebeck @Linkshaender This is from 2016/2017 and the link can't be reached
UPDATE: Nop, the doc posted by @joosteto is from 2025. It might be that the statement was made earlier because I found some articles from 2016/2017

Show thread

joosteto Jul 16, 2025

@adelgado @skuebeck @Linkshaender
https://www.senat.fr/fileadmin/cru-1750816532/Structures_temporaires/commissions_d_enquete/CE_Commande_publique/r24-830-11.pdf#page=23

Show thread

BohwaZ Jul 17, 2025

@adelgado
That statement was made very recently I watched it live.
@skuebeck @Linkshaender

Show thread

joosteto Jul 16, 2025

@skuebeck @Linkshaender
You've shortened the link, it doesn't work now. This is the full link (linking directly to page 23):

https://www.senat.fr/fileadmin/cru-1750816532/Structures_temporaires/commissions_d_enquete/CE_Commande_publique/r24-830-11.pdf#page=23

Show thread

Andre Jul 16, 2025

@skuebeck fun fact: CLOUD Act. No US based company can guarantee any data protection to anyone not from US.

Show thread

Sebastian Kübeck Jul 16, 2025

@ComPod They couldn't before that. Confidentiality ended with 9/11 in the US.

Show thread

Andre Jul 16, 2025

@skuebeck before that date there was No Such Agency interested in getting absolutely everything about absolutely everyone. And since then, there’s of course no Such Agency that would do that. Which we would never be allowed to know about.

Show thread

grob (teeth era) 🇺🇦🏳️‍🌈🏳️‍⚧️Jul 16, 2025

@skuebeck @Linkshaender and hardly anyone in charge will care, because they do not understand that in IT "I cannot guarantee that"/"it can happen" usually means it can be done anytime, at scale and unseen. As opposed to real life(tm) where it means it's probably hard, processes take time, someone will notice and complain. IT is different, people don't get it.

Show thread

Jona Joachim Jul 16, 2025

@skuebeck
I don't understand why people are so astonished by this. This has been clear for a very long time for every US company
@Linkshaender

Show thread

Visa Pollari Jul 17, 2025

@skuebeck @Linkshaender it baffles me how often Microsoft wins government contracts.

Show thread

Joaquim Homrighausen Jul 17, 2025

@visapollari

It shouldn't baffle you. The people handling the government side of things aren't the least interested unless there's legislation in place to prevent it.

Oh wait ... there is 😉 😎

And, Microsoft (and others) are known for their massive lobbying efforts.

@skuebeck @Linkshaender

Show thread

da_habakuk Jul 17, 2025

@skuebeck @Hetti @Linkshaender quelle surprise

Show thread

We don't need AI. AI needs us.Jul 17, 2025

@skuebeck
Anything gafam isn't sovereign, except for the USA..
@Linkshaender