I guess you heard the ruling by the Court of Justice for the European Union on cross-border transfer. I think it is important to understand our position on this as outlined here: Assuring Customers About Cross-Border Data Flows
From my point of view the important parts are:
Today the Court of Justice for the European Union issued a ruling in a case examining transfers of data from the EU. We appreciate that some of our customers may have questions about the impact of this ruling.
We want to be clear: if you are a commercial customer, you can continue to use Microsoft services in compliance with European law. The Court’s ruling does not change your ability to transfer data today between the EU and U.S. using the Microsoft cloud.
For years we have provided customers with overlapping protections under both the Standard Contractual Clauses (SCCs) and Privacy Shield frameworks for data transfers. Although today’s ruling invalidated the use of Privacy Shield moving forward, the SCCs remain valid. Our commercial customers are already protected under SCCs.
For us Privacy was and remains crucial for our business. We proved that several times already:
We routinely work to advance our protections for customers based on developments like today’s. We were the first cloud provider to work with European data protection authorities for approval of Europe’s model clauses, the first to adopt new technical standards for cloud privacy, we embraced Privacy Shield as a successor to Safe Harbor after that framework was invalidated, and we extended core GDPR rights to our worldwide customer base.
We want to remain your trustworthy partner of choice.