Data Protection Regulator To Probe EU Institutions’ Contracts With Microsoft

EU data protection authorities said they have launched an investigation into the compliance of EU institutions’ contracts with Microsoft under new rules that came into force last year.

The European Data Protection Supervisor (EDPS), a relatively new body formed in 2004 that oversees all EU bodies, said it would look into whether contracts held by the European Commission and the EU’s 69 other institutions comply with the strict GDPR regulations that became active last May.

Assistant EDPS Wojciech Wiewiorowski said that while contractors have responsibilities for ensuring GDPR compliance, “EU institutions remain accountable for any data processing carried out on their behalf”.

“They also have a duty to ensure that any contractual arrangements respect the new rules and to identify and mitigate any risks,” he said.

Cloud data

EU bodies process large amounts of personal data, making it “vitally important” that risk-mitigating measures are in place, the agency said.

It drew attention to an assessment carried out by the Dutch Ministry of Justice and Security last November that found concerns with data collected through Microsoft Office 365 ProPlus, a cloud-based version of Microsoft’s Office suite.

The Dutch report found concerns with the way data was stored in a US database, saying it posed a  risk to users’ privacy, following which Microsoft made changes to comply with EU rules.

EU institutions using similar Microsoft packages are likely to face data protection issues similar to those encountered by national public authorities, including “increased risks to the rights and freedoms of individuals”, the EDPS said.

Microsoft said it was “committed to helping our customers comply with GDPR, Regulation 2018/1725, and other applicable laws” and was “confident that our contractual arrangements allow customers to do so”.

The EDPS is able to impose fines of up to 50,000 euros (£43,125) for each infraction.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

NHS Covid-19 Tracing App For England, Wales, Nears Launch

Date for limited rollout of delayed NHS track and trace app for England and Wales…

3 days ago

Coronavirus: Facebook Staff To Work From Home Until July 2021

Facebook follows Google lead by extending right of staffers to work from home until July…

3 days ago

Canon Suffers Ransomware Attack, With 10TB Of Data Stolen – Report

Report suggests Canon has been crippled with a ransomware attack with allegedly 10TB of data,…

4 days ago

Uber Expands UK Reach With Autocab Buy

Amid consolidation in the taxi sector caused by Coronavirus lockdown, Uber purchases British rival Autocab…

4 days ago

TikTok Selects Ireland For First European Data Centre

Ireland to get another data centre after the Chinese-owned short video app TikTok announces first…

4 days ago