More than a dozen more human rights groups have called Microsoft to suspend its plans to invest in a new cloud data center in Saudi Arabia.

The company announced plans for a new data center and cloud region in the country in February of this year, but has been met with concerns over the risk of human rights abuses, with Human Rights Watch first calling for it to suspend plans in April 2023.

Microsoft Azure
– Sebastian Moss

Reported by Human Rights Watch, 17 more groups have joined the campaign and say they are concerned that Saudi authorities may gain access to data stored in Microsoft’s data center. The groups argue that Microsoft should suspend its planned investment until it can demonstrate how it will mitigate the risk.

“The Saudi government’s record of violating privacy rights with impunity poses a grave danger to data stored within its borders,” said Joey Shea, Saudi Arabia researcher at Human Rights Watch. “Microsoft needs to conduct a thorough human rights due diligence process and publicly detail how it will mitigate the potential adverse human rights impacts associated with Saudi Arabia hosting the data center.”

The additional groups include: Access Now, ALQST for Human Rights, Democracy for the Arab World Now, Eko, Euro-Med Human Rights Monitor, FairSquare, Front Line Defenders, Gulf Centre for Human Rights, Heartland Initiative, IFEX, Kandoo, MENA Rights Group, Project on Middle East Democracy, Ranking Digital Rights, Red Line for Gulf, SMEX, and The Yemeni Archive.

Saudi Arabia has a history of infiltrating technology platforms to spy on human rights platforms, as well as using cyber surveillance software. It is also criticized for its lack of stringent data protection laws.

Human Rights Watch reportedly contacted Microsoft at the time of its cloud announcement, though the company asked to remain off the record and cited its policy for operating data centers in countries with such issues which essentially says that they will meet the UN’s Guiding Principles on Business and Human Rights.

According to Saudi Arabia’s Cloud Computing Regulatory Framework, cloud providers must remove or block content upon the request of Saudi authorities, and report any content which may violate the laws and legislations of the country.

The country’s data protection law also powers government agencies to access personal data, and the 2007 anti-cybercrime law criminalized the “production, preparation, transmission, or storage of material impinging on public order, religious values, public morals, or privacy.”

Marwa Fatafta, MENA policy, and advocacy manager at Access Now, said: “Microsoft should prove that its public commitment to upholding human rights standards is not just empty rhetoric by publicly detailing its due diligence measures and safeguards for upholding rights. Microsoft must utilize the opportunity to demonstrate leadership among the tech industry in responsible market entry in such extreme risk markets and in countries with dismal human rights records like Saudi Arabia.”

DCD has contacted Microsoft for comment.

Get a weekly roundup of EMEA news, direct to your inbox.