Microsoft Allegedly Leaked Dutch Civil Servants' Data To the US (cybernews.com)
- Reference: 0183436780
- News link: https://yro.slashdot.org/story/26/05/28/1652241/microsoft-allegedly-leaked-dutch-civil-servants-data-to-the-us
- Source link: https://cybernews.com/tech/microsoft-dutch-data/
> The technology giant Microsoft has been [1]accused of leaking the data of civil servants working for the Netherlands' regulatory agencies to the US House of Representatives. The civil servants affected by the leak work at the Authority for Consumers and Markets (ACM) and the Dutch Data Protection Authority (AP), according to the NL Times. They are involved in implementing the Digital Services Act (DSA), the European Union regulation on online services, aimed at combating illegal content and protecting user rights.
>
> NL Times [2]reports that Microsoft shared emails, minutes, and invitations sent by the civil servants [3]without redacting their names in the documents . Willemijn Aerdts, Dutch State Secretary for Digital Economy and Sovereignty, said she discussed the allegations with US Ambassador to the Netherlands Joe Popolo. [...] The allegations against Microsoft further strengthen concerns over Europe's dependence on American technologies, which poses major risks to data privacy.
Further reading: [4]Netherlands Blocks US Takeover of Vital Digital Supplier
[1] https://www.vn.nl/microsoft-ambtenaren-amerikaanse-overheid
[2] https://nltimes.nl/2026/05/22/microsoft-accused-leaking-dutch-civil-servants-names-us-government
[3] https://cybernews.com/tech/microsoft-dutch-data/
[4] https://yro.slashdot.org/story/26/05/26/1739255/netherlands-blocks-us-takeover-of-vital-digital-supplier
Data Sovereignty (Score:4, Insightful)
If you use Amazon or Microsoft, your data is as protected as Trump's next tantrum. Actually worse than that, as there will be people seeking compliance in advance and nobody gives a damn about American laws nevermind yours.
You cannot trust the US government (Score:5, Insightful)
The US government can compel any US company to release data that it holds, even if that data is stored outside the US. Pretending that any US company can comply with the GDPR is a fantasy.
This might, might be acceptable, if one could trust the US government. At latest after the Snowdon revelations, we all know that you cannot.
Re: You cannot trust the US government (Score:2)
> Pretending that any US company can comply with the GDPR is a fantasy.
The GDPR explicitly carves out an exception for data controllers complying with government orders.
Leaked? (Score:2)
"Leaked"
*wink* *wink*
Unclear to Me... (Score:2)
Is this emails taken from the M365 mailboxes of the Dutch officials? Or, are these emails exchanged between Microsoft corporation and Dutch officials?
I guess this just goes to show (Score:5, Insightful)
The Dutch were right in telling foreign companies to fuck off: [1]https://yro.slashdot.org/story... [slashdot.org]
And the US Ambassador who is whinging about this decision [2]https://cybernews.com/tech/net... [cybernews.com] can go fuck himself and then fuck off. Or maybe the other way around, no one wants to see him do that.
[1] https://yro.slashdot.org/story/26/05/26/1739255/netherlands-blocks-us-takeover-of-vital-digital-supplier
[2] https://cybernews.com/tech/netherlands-us-digid/
Re: (Score:3)
Joseph Popolo is another DEI hire. He’s a marketing CEO and investment banker.
Microsoft (Score:2)
Microsoft is a danger to everyone.
Re: (Score:2)
US-based IT companies are a danger to everyone outside the USA.
Re: (Score:2)
> US-based IT companies are a danger to everyone.
FTFY.
No Choice (Score:5, Insightful)
Microsoft had no choice but to comply with the subpoena. The Dutch, and the rest of the world, does have the choice in which cloud service, if any, they put all of their data.
Re: (Score:2)
Buy some Trump shitcoins and your troubles are gone.
Re:No Choice (Score:4, Interesting)
The other option is to seize the company assets within the country on espionage charges.
Re: (Score:3)
Why do you think the Dutch authorities are now blocking the acquisition of Solvinity by some US based firm? Solvinity manages the servers for the national identity provider scheme (DigiD).
Personally I don't think the government should be using 3rd party clouds for anything remotely critical. They have the scale to make running their own infrastructure worthwhile financially, and the know-how to run it effectively.
Re:No Choice (Score:4, Interesting)
Microsoft had no choice but to comply with the subpoena.
No such DOJ criminal warrant or subpoena was issued. What's extraordinary is that the U.S. House of Representatives engaged in spying on a regulatory agency of a fellow NATO member. But then again, the current Washington Administration does seem to be about burning all bridges.
Re: (Score:2)
> No such DOJ criminal warrant or subpoena was issued.
No need, all the USA gov't needs to say is "We can do this the easy way or the hard way, either way we will get what we want."
Re: (Score:2)
"American tech companies are required to share data with the U.S. government due to the Cloud Act in force in that country." - the CLOUD Act. It's not clear if a subpoena or summons was issued as required by the act. . All I have seen is that the US "demanded" the data. The Dutch government probably didn't want to go up against the US government, or worse Microsoft.
Re: (Score:2)
They starting that, along with a whole pile of other IT changes that kicks US companies out of the EU.
The US government has forced this, and what is worse is they have created a competitor to the USA. They are building everything on top of OSS/Linux.
And they will be able to export the know how to other countries, and offer much safer solutions for smaller countries to store their data in.
Hell, offer safer social media, safer as in less abuse, far fewer pedos, sex pests, nazis, etc etc etc because you
Re: (Score:2)
Microsoft US has no choice but to comply with the US subpoena. Microsoft EU has no choice but to comply with Netherlands privacy laws.
The fact that the two entities of their own accord got themselves into a position where either one or the other will not be in legal compliance is not the problem of either the US or the Netherlands. They could have just kept track of what jurisdiction the data was in. Microsoft desperately does not want their customers to know that they fucked this up AGAIN.