Microsoft\u2019s top attorney Brad Smith announced \u201ca major milestone\u201d for Microsoft Azure as it is \u201cthe first major cloud provider to adopt the world\u2019s first international standard for cloud privacy.\u201d According to Smith, what that means for you is \u201cwith the Microsoft Cloud, you\u2019re in control.\u201dIn July 2014, the International Organization for Standardization (ISO) developed ISO 27018, a voluntary standard \u201cgoverning the processing of personal data in the cloud.\u201d The ISO described the security technique standard as a \u201ccode of practice for the protection of Personally Identifiable Information (PII) in public clouds acting as PII processors.\u201d When I tried to download the paper from that page, it was going to cost almost $127. Dream on.ISO 27018 is described in numerous places online, including Inside Privacy which explained that in order for a cloud provider to be compliant, it must:Always process personal information in accordance with the customer\u2019s instructions.Only process personal information for marketing or advertising purposes with the customer\u2019s express consent. Such consent cannot be made a condition for receiving the service.Help cloud customers comply when individuals assert their access rights.Disclose information to law enforcement authorities only when legally bound to do so.Disclose the names of any sub-processors and the possible locations where personal information may be processed prior to entering into a cloud services contract.Help cloud customers comply with their notification obligations in the event of a data breach.Implement a policy for the return, transfer or disposal of personal data, for instance when the service comes to an end.Subject their services to independent information security reviews at scheduled intervals (or when significant processing changes occur).Enter into confidentiality agreements with staff who have access to personal data and provide appropriate staff training.Microsoft said you are supposed to know \u201cwhat\u2019s happening with your data\u201d such as if other companies need access to it, or if unauthorized parties access it. The \u201cstrong protection for your data\u201d includes how PII is handled; there are restrictions on transmitting it over public networks and storing it on transportable media. Any Microsoft employee processing your data must sign a confidentiality obligation.Additionally \u201cyour data won\u2019t be used for advertising\u201d and Microsoft will inform you about government access to your data. Regarding the latter, Smith specified, \u201cThe standard requires that law enforcement requests for disclosure of personally identifiable data must be disclosed to you as an enterprise customer, unless this disclosure is prohibited by law. We\u2019ve already adhered to this approach (and more), and adoption of the standard reinforces this commitment.\u201dThe Azure blog also explained that in order for a cloud service provider (CSP) to be ISO 27018 compliant, it must operate under five principles:Consent: CSPs must not use the personal data they receive for advertising and marketing unless expressly instructed to do so by the customer. Moreover, it must be possible for a customer to use the service without submitting to such use of its personal data for advertising or marketing.Control: Customers have explicit control of how their information is used.Transparency: CSPs must inform customers where their data resides, disclose the use of subcontractors to process PII and make clear commitments about how that data is handled.Communication: In case of a breach, CSPs should notify customers, and keep clear records about the incident and the response to it.Independent and yearly audit: A successful third-party audit of a CSP\u2019s compliance documents the service\u2019s conformance with the standard, and can then be relied upon by the customer to support their own regulatory obligations. To remain compliant, the CSP must subject itself to yearly third-party reviews.Both Lori Woehler, Microsoft Azure Engineering Security, Privacy & Compliance group manager, and Microsoft General Counsel Smith hammered home that trust is the point of ISO 27018. \u201cCustomers will only use services that they trust,\u201d Smith wrote. \u201cThe validation that we\u2019ve adopted this standard is further evidence of our commitment to protect the privacy of our customers online.\u201dDo you trust Microsoft and its cloud computing platform more now?