Microsoft has acknowledged that it cannot guarantee protection of French citizen data from US snooping. In a sworn testimony before a French Senate inquiry, Anton Carniaux, Microsoft France’s director of public and legal affairs, admitted that the company cannot ensure data is not transmitted to US authorities without explicit French authorization.
Under the US Cloud Act, US companies can be forced to hand over data regardless of where it is stored. This raises concerns about European data sovereignty. Mark Boost, CEO of cloud provider Civo, commented: “This is a real-world issue that impacts national security, personal privacy and business competitiveness.”
The inquiry focuses on Microsoft’s partnership with Orange and Capgemini for the Health Data Hub medical research platform. Concerns were raised about the separation of platforms and potential data sharing. Carniaux’s admission highlights the EU’s reliance on US cloud providers like Microsoft and AWS.
A recent European Parliament report found that US firms dominate the European cloud infrastructure market, holding 69% of shares, while EU suppliers hold just 13%. The French Senate inquiry sets a precedent for demanding answers about data sovereignty, prompting a shift towards building homegrown solutions.
Source: https://www.forbes.com/sites/emmawoollacott/2025/07/22/microsoft-cant-keep-eu-data-safe-from-us-authorities