Skip to content
logo The magazine for digital lifestyle and entertainment
A brand of Bild
Cloud CoBi Data protection Microsoft News All topics
Data Privacy Issue

Microsoft Makes Numerous Customer Data Transparent

Microsoft Cloud Data
Microsoft Cloud Data Flows Are Dispersed Photo: SOPA Images/LightRocket via Getty Images
Share article

October 10, 2025, 6:22 am | Read time: 3 minutes

New revelations raise questions about the transparency of Microsoft’s cloud services. According to the British tech magazine “Computer Weekly,” user data is apparently being transferred to significantly more countries than Microsoft officially states.

While Microsoft provides information on international data transfers, these are published in such a scattered and inaccessible manner that they are practically impossible to find. In some cases, the documents cannot be accessed via search engines or direct URL entry–only by searching for complete text passages. This makes it significantly more difficult for authorities and companies to track where their data actually goes and which partners have access.

Dispute Over Data Access at Scottish Police

The problem is particularly evident in the case of the Scottish police. They sought to learn, under the Freedom of Information Act, to which countries data from the Office 365 infrastructure is transferred. However, Microsoft refused to provide specific details, citing trade secrets. This decision, according to data protection advocates, undermines the agency’s data sovereignty.

According to internal communications, Microsoft is said to have admitted that access from 34 countries is possible. In publicly available documents on the Microsoft Learn platform, however, there are indications of over 100 countries from which employees or partners could theoretically gain access.

More on the topic

Experts Criticize Lack of Transparency

Security expert Owen Sayers sees this as a serious data protection issue. He told “Computer Weekly” that lists of subcontractors, subsidiaries, and service providers are spread across numerous marketing materials. This presentation makes the Microsoft cloud appear universal and flexible but creates a situation “where even a proper due diligence review is unlikely to recognize the full extent of outsourcing.”

Data Protection Remains a Challenge

For the Scottish Police Authority, the lack of clarity has serious consequences. Under current data protection law, it must know exactly where the company stores and processes sensitive information. Microsoft’s reticent information policy thus leads to a conflict between legal obligations and the practical use of cloud services.

Also of interest: Microsoft discontinues app! Millions of users must switch

Although the agency stated upon request that it is aware of all data locations where Microsoft processes customer data, it remains unclear when the full implementation of Microsoft 365 can actually take place and whether transparency will improve in the future.

This article is a machine translation of the original German version of TECHBOOK and has been reviewed for accuracy and quality by a native speaker. For feedback, please contact us at info@techbook.de.

You have successfully withdrawn your consent to the processing of personal data through tracking and advertising when using this website. You can now consent to data processing again or object to legitimate interests.