Re: Msft Employee Perspective
"There's also a LOT of new rules around storing PII." (My emphasis)
One of the main rules in GDPR is the need for specific permission to collect anything beyond what's needed to process a transaction or what's legally required. It makes no difference having your own rules about storing information if you don't have the permission to acquire it. Couple that with the fact that the law in the US might be quite different to the law in Europe about what's legally required (and we note that MS welcomed the CLOUD Act) and it's still difficult to see how this makes MS GDPR compliant. My suspicion remains that by concentrating on what MS can do that doesn't greatly impinge on telemetry they're trying to deflect any EU investigation to the latter.