Microsoft has admitted it cannot protect EU citizen data from U.S. government access, even when stored in European data centers. In sworn testimony before a French Senate inquiry in June 2025, Microsoft France’s legal director Anton Carniaux stated “No, I cannot guarantee” that French citizen data would never be transmitted to U.S. authorities without explicit French authorization[1].
The admission stems from the U.S. CLOUD Act, which compels American companies to hand over user data regardless of where it is stored[1:1]. While Microsoft claims to resist “unfounded” requests, they must ultimately comply with legally valid U.S. demands[2].
This revelation has significant implications for European data sovereignty, as U.S. firms control 69% of Europe’s cloud infrastructure[1:2]. The issue affects all major U.S. cloud providers - Microsoft, Google, and AWS must all comply with U.S. surveillance laws including FISA, the CLOUD Act, and Executive Order 12333[2:1].
European officials worry this creates dangerous dependencies, as sensitive government, healthcare and business data could be accessed without EU oversight[3]. Some experts advocate shifting to EU-based providers operating solely under European jurisdiction[2:2].
Well, it’s clear that the EU can’t avoid leaking data to the US, when they continue using US Cloud providers, irrelevant if they use MS, Google or any other. They can force MS to have OneDrive desactivated by default, let the choice to the user if he want to use it or any other EU provider, if he can’t o won’t to use Linux, but there is the same problem when he use US cloud providers, is there where tha data are property of the corresponding company and the gov “to protect the childrem and making America great again”
EU sovereignty in soft an services, better yesterday as tomorrow, FTUS
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
What a surprise.
Summary
Microsoft has admitted it cannot protect EU citizen data from U.S. government access, even when stored in European data centers. In sworn testimony before a French Senate inquiry in June 2025, Microsoft France’s legal director Anton Carniaux stated “No, I cannot guarantee” that French citizen data would never be transmitted to U.S. authorities without explicit French authorization[1].
The admission stems from the U.S. CLOUD Act, which compels American companies to hand over user data regardless of where it is stored[1:1]. While Microsoft claims to resist “unfounded” requests, they must ultimately comply with legally valid U.S. demands[2].
This revelation has significant implications for European data sovereignty, as U.S. firms control 69% of Europe’s cloud infrastructure[1:2]. The issue affects all major U.S. cloud providers - Microsoft, Google, and AWS must all comply with U.S. surveillance laws including FISA, the CLOUD Act, and Executive Order 12333[2:1].
European officials worry this creates dangerous dependencies, as sensitive government, healthcare and business data could be accessed without EU oversight[3]. Some experts advocate shifting to EU-based providers operating solely under European jurisdiction[2:2].
Well, it’s clear that the EU can’t avoid leaking data to the US, when they continue using US Cloud providers, irrelevant if they use MS, Google or any other. They can force MS to have OneDrive desactivated by default, let the choice to the user if he want to use it or any other EU provider, if he can’t o won’t to use Linux, but there is the same problem when he use US cloud providers, is there where tha data are property of the corresponding company and the gov “to protect the childrem and making America great again”
EU sovereignty in soft an services, better yesterday as tomorrow, FTUS
Forbes - Microsoft Can’t Keep EU Data Safe From US Authorities ↩︎ ↩︎ ↩︎
Wire - Why Big Tech Can’t Deliver True Data Sovereignty ↩︎ ↩︎ ↩︎
Fudzilla - Microsoft can’t keep EU data out of US paws ↩︎
As if they even tried