Scottish Police Face Data Sovereignty Showdown with Microsoft
Scottish police are grappling with significant data security and sovereignty challenges in their adoption of Microsoft Office 365. Microsoft's refusal to disclose data processing locations and methods, citing "commercial confidentiality," prevents the police from meeting the stringent data transfer restrictions of the UK's 2018 Data Protection Act. This raises concerns about data potentially being processed in countries lacking adequate data protection, including China and India, and highlights the risks of relying on cloud services without sovereign cloud capabilities. While aware of the risks, the police are constrained by the UK National Enabling Programme and existing contracts with Microsoft, making a swift change of supplier difficult.