"The documents contained in the FoI dump include correspondence between the tech giant and policing bodies and two data protection impact assessments (DPIAs). The tech giant also refused to disclose its own risk assessments into the transfer of UK policing data to other jurisdictions, including China and others deemed "hostile" in the DPIA documents."
"The same documents also contain an admission from Microsoft - given while simultaneously refusing to divulge key information about data flows - that it is unable to guarantee the sovereignty of policing data held and processed within its O365 infrastructure. This echoes the statements senior Microsoft representatives made to the French senate in June 2025, in which they admitted the company cannot guarantee the sovereignty of European data stored and processed in its services generally."
Documents released under freedom of information show Microsoft refused to provide details of international data flows for policing data to the Scottish Police Authority and Police Scotland. The FoI dump includes correspondence and two DPIAs, yet Microsoft declined to share its own risk assessments about transfers to other jurisdictions, including China and countries labelled as "hostile". Microsoft admitted it cannot guarantee the sovereignty of policing data held and processed within O365, mirroring statements made to the French senate that it cannot guarantee European data sovereignty. Police Scotland and the SPA cannot satisfy Part Three of the DPA18 without those disclosures.
Read at ComputerWeekly.com
Unable to calculate read time
Collection
[
|
...
]