Microsoft faces scrutiny in EU over Israel's surveillance of Palestinians
Whistleblowers say Microsoft ‘rapidly offloaded’ data following revelations that Israeli surveillance material was kept on EU-based company servers
Microsoft is facing renewed pressure in Europe after a complaint filed on 3 December accused the company of enabling the transfer of sensitive data used in Israel’s surveillance of Palestinians.
The case is based on internal accounts and business records cited in documents reviewed by Bloomberg.
The complaint was lodged with Ireland’s Data Protection Commission (DPC), the EU authority responsible for oversight of Microsoft because the corporation is headquartered in Dublin.
According to the filing, whistleblowers and internal records suggest Microsoft approved substantial data transfers requested by accounts associated with the Israeli military shortly after The Guardian reported in early August that millions of intercepted Palestinian phone calls were stored on Microsoft servers located in the Netherlands and Ireland.
The day after that report, documents reviewed by Bloomberg show that owners of an Israeli military-linked account asked Microsoft to expand transfer limits on three Azure accounts. Support personnel approved the requests, and the volume of stored data dropped sharply.
The complaint argues this hindered Ireland’s ability to supervise material classified as “sensitive” under the General Data Protection Regulation (GDPR). Microsoft rejects that view, saying the customer, not the company, made the decision to move the material.
The firm also says the transfer “in no way impeded” its internal review.
Microsoft denied any suggestion that it orchestrated the transfer. “Our customers own their data, and the actions taken by this customer to transfer their data in August was their choice,” the company said, adding that these actions “in no way impeded our investigation.”
The firm opened an internal probe following The Guardian’s coverage and, by September, ended some services for the Israeli military. The DPC confirmed to AFP that the new complaint is “currently under assessment.”
At issue is whether Microsoft unlawfully processed personal data belonging to Palestinians and EU residents, as alleged by the Irish Council for Civil Liberties and the advocacy group Eko, which jointly filed the case.
Eko separately claimed that “new evidence shared by Microsoft whistleblowers” shows the company “rapidly offloaded vast quantities of illegally captured surveillance data” after the August revelations.
The filing also says Microsoft continues to host applications used by Israeli authorities, including the Almunasseq permit app, which relies partly on Microsoft data centers in Ireland.
A related shareholder motion scheduled for a vote at Microsoft’s annual meeting urges the board to evaluate the effectiveness of the company’s human-rights due diligence practices.