Microsoft acknowledges lack of assurance regarding sovereignty of UK policing data

Microsoft has informed Scottish policing bodies that they cannot guarantee the sovereignty of UK policing data hosted on its public cloud infrastructure. The company admitted that data uploaded to the Digital Evidence Sharing Capability (DESC) system may not remain in the UK as required by law. Microsoft acknowledged that data from their cloud infrastructure is frequently transferred and processed overseas, creating concerns for data protection compliance. They stated that technical changes could be made to ensure compliance but are currently only implementing these changes for DESC partners and not other policing bodies due to lack of requests.

As a result, concerns have been raised that UK policing data has been transferred abroad, breaching UK data protection laws. An independent security consultant highlighted the lack of compliance by Microsoft with UK data protection laws and raised questions about the offshoring of data by UK government users as well.
There are ongoing concerns about data sovereignty for cloud systems used by police in the UK, with regulatory and data protection experts questioning the legality of data transfers overseas. Microsoft has not made specific commitments to address these issues, leaving many questions unanswered.

While Microsoft has agreed to make changes to ensure DESC compliance, these changes are only being implemented for specific policing bodies and not all users of their cloud services. Experts believe that a move away from using Microsoft-based cloud services may be necessary to ensure compliance with UK data protection laws. The lack of competition in hyperscale cloud markets has meant that Microsoft is not incentivized to make broader changes, despite the legal concerns raised by UK policing bodies.

The challenges presented by Microsoft’s cloud services highlight the need for closer oversight and control of data transfers by UK policing bodies. The Information Commissioner’s Office has provided guidance to Police Scotland on measures to ensure DESC’s compliance with UK data protection laws. The issue extends to the wider government, as data sovereignty clauses in the latest G-Cloud framework may also be at risk of non-compliance.

Unlock your business potential with our expert guidance. Get in touch now!

Robot-bot-chatbot-AI.jpg

A Jobseeker’s Handbook: Leveraging AI and Its Implications for Employers

tr_20241220-top-software-development-technologies.jpg

8 Key Software Development Technologies to Watch in 2025

cloud-money-finance-investment-savings-adobe.jpg

AWS Provides Hackney Council with a Minimum 22% Discount on Cloud Services via OGVA 2.0

tr_20241219-eu-guidance-ai-privacy-laws.jpg

EU Provides Guidance for AI Developers on Compliance with Privacy Regulations

IT-sustainability-think-tank-hero.jpg

IT Sustainability Think Tank: Insights from 2024 and Key Priorities for 2025

AdobeStock_210063189.jpg

NVIDIA Unveils New Mini Developer Kit for Generative AI

technology-digital-ai-binary-adobe.jpeg

Digital Ethics Summit 2024: Understanding the Socio-Technical Aspects of AI