OCR Output (chars: 3434)
* First, we are committing that we will challenge every government request for public sector or enterprise
customer data - from any government — where there is a lawful basis for doing so. This strong commitment Duty under Article 6(1)(c) — if there is no
goes beyond the proposed recommendations of the EDPB. ‘
duty to comply (illegal request) then you
‘* Second, we will provide monetary compensation to these customers’ users if we disclose their data in
Tesponse to a government request in violation of the EU's General Data Protection Regulation (GDPR). This can‘t provide the data... Challingingit is the
commitment also exceeds the EDPB’s recommendations. It shows Microsoft is confident that we will logica I consquence - nothi ng new.
protect our public sector and enterprise customers’ data and not expose it to inappropriate disclosure. -
We call these protections Defending Your Data, and we will begin adding them to our contracts with public Duty under Article 82 GDPR, but without
sector and enterprise customers immediately. all the limits (no class action, burden of
Defending Your Data makes a substantial addition to our foundational privacy promises, and builds on the proof on the user, etc) that Microsoft put
strong protections we already offer customers. into it’s contract and that would actually
‘© We use strong encryption: We encrypt customer data with a high standard of encryption both when it is limit (!) data subejcts’ (third party) rights!
‘© We stand up for customer rights: We do not provide any government with direct, unfettered access to Required under Article 32 GDPR - big News.
customer data. If a government demands customer data from us, it must follow applicable legal process.
We will only comply with demands when we are clearly compelled to do so. Our first step is always to
attempt to re-direct such orders to customers or to inform them, and we routinely deny or challenge orders
when we believe they are not legal.
Yeah, so Microsoft complies with FISA 702
which is the ,,legal process“.
in transit and at rest. Encryption is a critical point in the draft EDPB recommendations. We do not provide
any government with our encryption keys or any other way to break our encryption. “~~
© We are transparent: We have, for many years, published information about government demands for
customer data. We sued the U.S. government over the ability to disclose more data about the national
security orders we receive seeking customer data and reached a settlement enabling us to do so. As a 5
result, twice a year, we disclose more detailed information about these national security orders across all Yeah, so you even disclose that you
our businesses (consumer, enterprise, and public sector), in addition to our regular Law Enforcement provided the data of 28.500 to 29.998
Request Report, .
accounts in 2019.
© We have a track record of legal success. We have more experience than any other company going to ‘ a
court to establish the limits of government surveillance orders, and we have even taken one case to the US. Congrats, good job on SCA — but frankly
Supreme Court. Our efforts have provided customers with greater transparency and stronger protections. overturend by the Cloud Act and irrelevant
No commitment to challenge access orders can assure victory, but we feel good about our record of
success to date. when this is about FISA 702.
chaos.social – a Fediverse instance for & by the Chaos community