Re: Not just GDPR
Not quite
Microsoft EU and US are two different companies.
No formal request was ever filed in an EU court for access.
The US just "expected" Microsoft US to be able to instruct Microsoft EU (an entirely different company) to comply with their demands even though such demands are illegal in the EU (without a court order saying otherwise).
The US Supreme Court dropped their action because the Cloud Act came in, which basically says "You will go through the proper EU channels if you want EU etc. data":
https://www.theverge.com/2018/4/5/17203630/us-v-microsoft-scotus-doj-ireland-ruling
That's something that could have ALWAYS happened.
Cloud Act: "Principally, it asserts that U.S. data and communication companies must provide stored data for U.S. citizens on any server they own and operate when requested by warrant, but provides mechanisms for the companies or the courts to reject or challenge these if they believe the request violates the privacy rights of the foreign country the data is stored in"
Microsoft (US) do not own or operate any servers in the EU. Microsoft (EU) do, and aren't subject to US jurisdiction unless an EU court rules as such.
P.S. The Cloud Act applies only in the US. No other jurisdiction has ever signed up to it, or could; it's just not relevant. Still, Microsoft EU could refuse to produce data stored under EU laws.
Nothing's changed. Business as usual. But now Microsoft (US) don't have a court case because their position is now clarified in (US) law.
Ironically, since day one, if the US had just issued a request to the European Court stating their need and purpose for that information (the FBI was involved, so presumably serious), they could have easily obtained access to that data 100% legitimately at any time.
Nobody has to hand data stored on an EU server to the US without an EU court order. And vice-versa.