Microsoft acknowledges lack of assurance regarding sovereignty of UK policing data

Microsoft has informed Scottish policing bodies that they cannot guarantee the sovereignty of UK policing data hosted on its public cloud infrastructure. The company admitted that data uploaded to the Digital Evidence Sharing Capability (DESC) system may not remain in the UK as required by law. Microsoft acknowledged that data from their cloud infrastructure is frequently transferred and processed overseas, creating concerns for data protection compliance. They stated that technical changes could be made to ensure compliance but are currently only implementing these changes for DESC partners and not other policing bodies due to lack of requests.

As a result, concerns have been raised that UK policing data has been transferred abroad, breaching UK data protection laws. An independent security consultant highlighted the lack of compliance by Microsoft with UK data protection laws and raised questions about the offshoring of data by UK government users as well.
There are ongoing concerns about data sovereignty for cloud systems used by police in the UK, with regulatory and data protection experts questioning the legality of data transfers overseas. Microsoft has not made specific commitments to address these issues, leaving many questions unanswered.

While Microsoft has agreed to make changes to ensure DESC compliance, these changes are only being implemented for specific policing bodies and not all users of their cloud services. Experts believe that a move away from using Microsoft-based cloud services may be necessary to ensure compliance with UK data protection laws. The lack of competition in hyperscale cloud markets has meant that Microsoft is not incentivized to make broader changes, despite the legal concerns raised by UK policing bodies.

The challenges presented by Microsoft’s cloud services highlight the need for closer oversight and control of data transfers by UK policing bodies. The Information Commissioner’s Office has provided guidance to Police Scotland on measures to ensure DESC’s compliance with UK data protection laws. The issue extends to the wider government, as data sovereignty clauses in the latest G-Cloud framework may also be at risk of non-compliance.

Unlock your business potential with our expert guidance. Get in touch now!

transport-speed-distribution-logistics-adobe.jpg

Digital Catapult Celebrates Shared Infrastructure as a Pathway to Decarbonizing the Logistics Sector

delimited-list-word-tutorial.jpeg

5 Ways to Delete a Page in Word

identity-diversity-people-reshidea-adobe.jpg

From Beauty Icon to Tech Trailblazer: This Year’s Most Influential Woman in UK Technology

tr_20241119-debian-vs-ubuntu.jpg

Which Linux Distribution Is Right for You?

what-is-twake.jpeg

10 Top Free Project Management Tools and Software

tr_20241115-anz-cio-challenges-ai-cybersecurity.jpg

AI, Cybersecurity, and Data Analytics: Trends and Innovations for 2025

tr_20241115-ubuntu-server-the-smart-persons-guide.jpg

Ubuntu Server Quick Reference Guide