Microsoft denies media reports alleging data-sharing with US agencies

Microsoft reponse

This is with reference to the story published by Scroll.in on October 30 titled “Microsoft regularly shared data of India bank customers with US intelligence agencies, claims report”, referencing a Reserve Bank of India Risk Assessment Report.

The story is extremely misleading, factually erroneous and has caused a lot of distress among Microsoft’s employees, partners and customers, in addition to discrediting Microsoft in the country.

We have not been given any opportunity to see or comment on the mentioned RBI risk report. Please review our position on the topic published on the Microsoft India News Center here.

We would also like to set the record straight and call out the following points in particular:

1. We categorically deny allegations of the report that Microsoft provides the US government – or any government – with unfettered access to data or provides any customer data in contravention of our public statements and clearly articulated principles and contractual obligations. Microsoft does not provide any government entity anywhere in the world unfettered access to customer data through any means including backdoors in products, special access etc. Microsoft never provides customer data unless we receive a legally valid warrant, order, or subpoena about specific accounts or individual identifiers. If data is provided, it is done only after a thorough legal review to check whether the request is appropriate and consistent with the rule of law and Microsoft’s principles. For commercial customers, absent extraordinary circumstances, Microsoft redirects governments to seek data directly from them and informs the commercial entity when any government seeks its data.
2. The story also mentions a number of alleged disclosures by Microsoft of data of Indian customers in the United States to the US Government, based on RBI’s risk report. These numbers do not match any data available to Microsoft and remain unverified. Microsoft does not record data on the nationality of our customers.

Please also note that Microsoft data centres in India began their operations towards the end of 2015 post which various Indian banks started to consume our cloud services.

Please refer to our Data Law site, where we detail everything we have done to protect our customers’ data as well as our principles explaining why we go to such lengths to fight for them.

– Microsoft India