Microsoft has stated that, per the USA Patriot Act, the US government could have access to the data even if the hosted company is not American and the data resides outside the USA.  However, Microsoft Azure is compliant with the E. U. Data Protection Directive (95/46/EC). [contradictory] To manage privacy and security-related concerns, Microsoft has created a Microsoft Azure Trust Center, and Microsoft Azure has several of its services compliant with several compliance programs including ISO 27001:2005 and HIPAA. A full and current listing can be found on the Microsoft Azure Trust Center Compliance page.  Of special note, Microsoft Azure has been granted JAB Provisional Authority to Operate (P-ATO) from the U. S. government in accordance with guidelines spelled out under the Federal Risk and Authorization Management Program (FedRAMP), a U. S. government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud services used by the federal government.