Microsoft acknowledges lack of assurance regarding sovereignty of UK policing data

Microsoft has informed Scottish policing bodies that they cannot guarantee the sovereignty of UK policing data hosted on its public cloud infrastructure. The company admitted that data uploaded to the Digital Evidence Sharing Capability (DESC) system may not remain in the UK as required by law. Microsoft acknowledged that data from their cloud infrastructure is frequently transferred and processed overseas, creating concerns for data protection compliance. They stated that technical changes could be made to ensure compliance but are currently only implementing these changes for DESC partners and not other policing bodies due to lack of requests.

As a result, concerns have been raised that UK policing data has been transferred abroad, breaching UK data protection laws. An independent security consultant highlighted the lack of compliance by Microsoft with UK data protection laws and raised questions about the offshoring of data by UK government users as well.
There are ongoing concerns about data sovereignty for cloud systems used by police in the UK, with regulatory and data protection experts questioning the legality of data transfers overseas. Microsoft has not made specific commitments to address these issues, leaving many questions unanswered.

While Microsoft has agreed to make changes to ensure DESC compliance, these changes are only being implemented for specific policing bodies and not all users of their cloud services. Experts believe that a move away from using Microsoft-based cloud services may be necessary to ensure compliance with UK data protection laws. The lack of competition in hyperscale cloud markets has meant that Microsoft is not incentivized to make broader changes, despite the legal concerns raised by UK policing bodies.

The challenges presented by Microsoft’s cloud services highlight the need for closer oversight and control of data transfers by UK policing bodies. The Information Commissioner’s Office has provided guidance to Police Scotland on measures to ensure DESC’s compliance with UK data protection laws. The issue extends to the wider government, as data sovereignty clauses in the latest G-Cloud framework may also be at risk of non-compliance.

Unlock your business potential with our expert guidance. Get in touch now!

tr_20241213-google-android-xr.jpg

Introducing a New Age of Smart Glasses

network-security-key-featured-image-12102024-min.png

Step-by-Step Guide to Locating Your Network Security Key on Any Device

money-growth-fotolia.jpg

Unlocking AI’s Potential: Three Steps to Maximize ROI in 2025

surveillance-biometrics-identity-privacy-KUBE-adobe.jpg

UK Police Illegally Retain Millions of Custody Images

is-faxing-secure-featured-image-12092024-min.png

Is Faxing Secure? Absolutely, When You Use Proper Network Protection

tra_20241209-the-complete-2025-comptia-certification-training-super-bundle-by-idunova.jpg

Get Ready for 2025 with Our CompTIA Training Bundle for Just $50!

stateless-firewall-featured-image-12052024-min.png

5 Benefits of Implementing a Stateless Firewall (and 3 Important Limitations)