Top privacy questions a customer should ask their cloud provider
Microsoft Office 365 provides essential privacy features to all Office 365 customers. The purpose of this section is to describe these privacy features and how they meet the high standards of privacy set by EU authorities. On July 1, 2012, the EU’s Article 29 Working Party (WP29)—a group made up of the European Union’s national data protection authorities—adopted Opinion 05/2012 on Cloud Computing. The Opinion on Cloud Computing highlights the benefits of cloud computing, including enhanced efficiency and greater security. In the Opinion, the WP29 emphasizes the importance of choosing a cloud service provider that is transparent about its data protection practices and that respects the privacy of customer data.
The WP29 Opinion provides essential guidance for current and would-be cloud users. It also raises a number of questions that cloud customers, in their role as data controllers, should consider when selecting a cloud provider. The key privacy questions and the Office 365 responses are described here.
Office 365 provides a comprehensive data protection agreement (DPA) and offers the EU Model Clauses in addition to self-certification under the U.S.-EU Safe Harbor framework. While the EU Model Clauses are specifically built for EU customers, the DPA is an aggregation of the best privacy practices of different countries and is offered to all customers regardless of geography or size. The processes that Office 365 has built to comply with the EU Model Clauses are not restricted to EU customers but are available to all customers.