Microsoft is under scrutiny in the European Union after a formal complaint alleged that the company stored data on Palestinians, which was reportedly used by the Israeli military for surveillance. The Irish Data Protection Commission (DPC), Microsoft’s lead EU regulator, confirmed on December 4 that it has received the complaint and is currently assessing the matter.
The complaint was lodged by Eko, a non-profit organisation advocating for “people and planet over profits.” Eko claims that Microsoft “unlawfully processed personal data belonging to Palestinians and EU citizens, enabling surveillance, targeting, and occupation by the Israeli military,” in violation of EU data protection regulations.
The allegations follow a Guardian investigation revealing that the Israeli Defense Forces used Microsoft’s Azure cloud platform to store data collected from phone calls during mass surveillance of civilians in Gaza and the West Bank. In response, Microsoft restricted Israeli military access to certain cloud services in September.
Eko further claims that whistleblowers have since provided evidence suggesting that Microsoft rapidly transferred large amounts of allegedly illegally obtained data after the Guardian report. A Microsoft spokesperson said, “Our customers own their data, and the actions taken by this customer to transfer their data in August were their choice. These actions in no way impeded our investigation.”
The data in question was reportedly stored on Microsoft servers in Ireland and the Netherlands, bringing it under the EU’s General Data Protection Regulation (GDPR), introduced in 2018 to safeguard European consumers from the misuse of personal information.