In summer of 2011 the University of Plymouth started outsourcing its student's email accounts to a cloud service offered by Microsoft called Live@edu[details]. Around the same time, Microsoft UK has admitted to the press that setups like these allow US agencies to access the data hosted in the cloud. Even when the datacentres are located in Europe, it makes no difference in the process of accessing our data for US authorities if a hosting company is a subsidiary of a US company. This includes their option to use gag orders to keep you and the University from knowing about the intervention (see also: National security letter).
The University as well as Microsoft cite the Safe Harbor Certification as the legal basis for the safety of our data. However, Safe Harbor is, not as the name might suggest, a clearly regulated certification, but rather a "self-certification scheme" by the US Department of Commerce which has shown a significant lack of reasonable implementation of an already incredibly vague collection of "7 principles". On top of that, in the same UoP FAQ section, a statement about anti-terror laws of various countries was included (in response to my original exchange with the university) without any further context why it's listed there. Simply put, it's a justification in disguise: they seem to have no problem with sharing our data with foreign agencies merely because the UK has similiar laws.
We study at a university in the UK - we should be able to expect that our information isn't shared with any other country. This situation is easy to summarise as an unreasonable risk for our personal data, and part of the continued dismantling of our rights to privacy. Let's tell our university we do not want our data handled by untrusted third parties.
The form below will generate an information request that you can sign and send in. What is important to note is that none of the information you submit here is saved - the generated file is removed right after it was delivered to you. On top of this, there are no access logs, and the connection is secured from snooping in with HTTPS.
Even if you decide against sending in your request, there are no traces of your original interest.
Note: UoP has not stopped hosting e-mails themselves - accounts of staff, as well as postgraduate-research students are still hosted on university premises. All e-mail passes through UoP's servers before it's shared with Microsoft.