Big Board Alerts

March 11, 2024
European Commission breached privacy laws with Microsoft software use


The European Commission’s use of Microsoft software is in breach of data protection laws.

Following a probe by the European Union’s (EU) privacy regulator, the bloc’s executive body was also made aware that it had failed to put in place adequate safeguards for the transfer of personal data to non-EU states.

The European Data Protection Supervisor (EDPS) announced its findings after the investigation began in May 2021. The infringements relate to several data protection rules.

“In particular, the Commission has failed to provide appropriate safeguards to ensure that personal data transferred outside the EU/EEA are afforded an essentially equivalent level of protection as guaranteed in the EU/EEA,” wrote the EDPS.

“Furthermore, in its contract with Microsoft, the Commission did not sufficiently specify what types of personal data are to be collected and for which explicit and specified purposes when using Microsoft 365.”

The EEA, or European Economic Area, consists of the 27 EU countries and Iceland, Liechtenstein, and Norway. The EU has data accords in place with 16 countries, including Argentina, Japan, South Korea, Switzerland, the United Kingdom, and the US.

In its investigation, the #EDPS @W_Wiewiorowski has found that the @EU_Commission has infringed several key data protection rules when using Microsoft 365. In its decision, the EDPS imposes corrective measures on the Commission. Read Press Release:

— EDPS (@EU_EDPS) March 11, 2024

European Commission response to EDPS censure

The European Commission has been instructed to cease all data flows through its use of Microsoft 365 to the tech giant parent company and any of its associated firms that may be located outside the EU or any jurisdiction where there is no data agreement in place.

A deadline of 9 December 2024 has been set for the EC to comply with the order.

Wojciech Wiewiórowski, the European Data Protection Supervisor, spoke on what EU bodies expect to have the relevant protections in place.

“It is the responsibility of the EU institutions, bodies, offices, and agencies (EUIs) to ensure that any processing of personal data outside and inside the EU/EEA, including in the context of cloud-based services, is accompanied by robust data protection safeguards and measures, he stressed.

“This is imperative to ensure that individuals’ information is protected.”

Image credit: Karolina Grabowska/Pexels

The post European Commission breached privacy laws with Microsoft software use appeared first on ReadWrite.


Latest Articles


By submitting this form on our website, you agree that we may collect and use your personal information for marketing, and for other purposes as set forth in our privacy policy, which we encourage you to review.