In a concerning admission, Microsoft stated that it “cannot guarantee” data sovereignty for its customers in France and the broader European Union, amid potential demands for access from the Trump administration to customer information stored on its servers. This issue arose during a Senate hearing where Microsoft’s Anton Carniaux, the director of public and legal affairs, explained the implications of the Cloud Act.
The Cloud Act allows the US government extensive authority to access digital data held by US-based tech companies, regardless of whether the data is located on domestic or foreign servers. During the inquiry into European digital sovereignty, Carniaux was clear on the challenges: Microsoft has contractually committed to resist invalid requests but acknowledged that well-founded requests would be hard to contest.
Carniaux emphasized that Microsoft has established a rigorous defense against such requests, noting that they had previously challenged unjustified data demands through legal avenues, including cases that reached the US Supreme Court. Yet, despite these assurances, he stated that there was no guarantee that data pertaining to French citizens would remain undisclosed in case of an injunction.
The potential ramifications of these revelations extend beyond just Microsoft. Mark Boost, CEO of Civo, underscored that Microsoft’s testimony confirms the broader risk posed by US cloud providers, suggesting that even with European servers, data could be vulnerable to US jurisdiction. This raises questions about national security and the integrity of personal privacy for businesses and individuals alike.
As European nations grapple with these challenges, there is increasing momentum towards building domestic solutions that can ensure true data sovereignty. AWS and Google are also responding to similar concerns by reinforcing their commitment to respect local laws and customer privacy, although ongoing skepticism remains regarding the capabilities of American tech giants to guarantee absolute data protection.
The tension between the US and European data sovereignty interests highlights a critical moment in the tech landscape, prompting lawmakers and industry leaders to seek pathways that would allow for a more independent future in digital services.