A formal request has been lodged with Irish authorities to investigate Microsoft over its alleged role in the unlawful processing of personal data by the Israeli Defense Forces (IDF). The complaint, filed by the human rights organisation the Irish Council for Civil Liberties (ICCL), centres on claims that Microsoft's cloud services were used in mass surveillance operations against Palestinians.
Allegations of Facilitating International Crimes
The ICCL's submission to Ireland's Data Protection Commission (DPC) contains a grave allegation. It states that the processing of personal data on Microsoft's infrastructure "facilitated war crimes, crimes against humanity, and genocide by the Israeli military." The complaint follows investigative reports published in August by the Guardian, alongside +972 Magazine and Local Call.
Those reports revealed that a vast repository of intercepted Palestinian phone calls was being stored on Microsoft's Azure cloud service. This data was allegedly part of a sweeping surveillance programme operated by Israel's military intelligence Unit 8200.
The Role of Microsoft's Azure Cloud
Leaked documents indicated that Unit 8200 began negotiations as early as 2021 to migrate huge volumes of classified intelligence material to Microsoft's cloud. The Azure platform's immense storage and computing power reportedly enabled the unit to construct a system for the indiscriminate collection, playback, and analysis of cellular calls across the Palestinian population.
Joe O'Brien, the executive director of ICCL, stated unequivocally: "Microsoft's technology has put millions of Palestinians in danger. These are not abstract data-protection failures." He argued that the cloud services had "enabled real-world violence" and urged the DPC to act swiftly given the "threat to life."
GDPR Breaches and Evidence Removal
The complaint asserts that Microsoft's actions breached the European Union's General Data Protection Regulation (GDPR). As Microsoft's European headquarters are in Ireland, the Irish DPC holds legal responsibility for overseeing the company's EU data processing.
A critical claim made by the ICCL is that evidence of illegal processing was obscured. The group alleges that records of intercepted calls were moved from EU servers to Israel before any EU investigation could begin, a process it describes as the "removal" of evidence. The ICCL links Microsoft's technology to Israel's "Al Minasseq" military surveillance system.
In the wake of the initial revelations, Microsoft launched an external inquiry into its dealings with Unit 8200. Preliminary findings prompted the company to revoke the unit's access to certain cloud storage and AI tools.
The Irish DPC now faces pressure to use its full regulatory powers. "When EU infrastructure is used to enable surveillance and targeting, the Irish data protection commission must step in," O'Brien concluded. Microsoft has been approached for comment on the latest development.
