Data Protection Regulator To Probe EU Institutions’ Contracts With Microsoft

EU data protection authorities said they have launched an investigation into the compliance of EU institutions’ contracts with Microsoft under new rules that came into force last year.

The European Data Protection Supervisor (EDPS), a relatively new body formed in 2004 that oversees all EU bodies, said it would look into whether contracts held by the European Commission and the EU’s 69 other institutions comply with the strict GDPR regulations that became active last May.

Assistant EDPS Wojciech Wiewiorowski said that while contractors have responsibilities for ensuring GDPR compliance, “EU institutions remain accountable for any data processing carried out on their behalf”.

“They also have a duty to ensure that any contractual arrangements respect the new rules and to identify and mitigate any risks,” he said.


Cloud data

EU bodies process large amounts of personal data, making it “vitally important” that risk-mitigating measures are in place, the agency said.

It drew attention to an assessment carried out by the Dutch Ministry of Justice and Security last November that found concerns with data collected through Microsoft Office 365 ProPlus, a cloud-based version of Microsoft’s Office suite.

The Dutch report found concerns with the way data was stored in a US database, saying it posed a  risk to users’ privacy, following which Microsoft made changes to comply with EU rules.

EU institutions using similar Microsoft packages are likely to face data protection issues similar to those encountered by national public authorities, including “increased risks to the rights and freedoms of individuals”, the EDPS said.

Microsoft said it was “committed to helping our customers comply with GDPR, Regulation 2018/1725, and other applicable laws” and was “confident that our contractual arrangements allow customers to do so”.

The EDPS is able to impose fines of up to 50,000 euros (£43,125) for each infraction.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

So, you want to be a CIO?

The role of the CIO is evolving with more of a focus on revenue and strategy, according to the 2019…

1 day ago

Twitter Demands AI Firm Cease Facial Image Collection

Privacy concern. Cease-and-desist letter from Twitter to AI firm Clearview demands it stop collecting photos from social media platforms

1 day ago

Sonos Boss Apologises For Update Controversy

Sonos CEO says sorry for anger caused by its update policy, and says it will support legacy products “for as…

1 day ago

Apple Cautions EU About Common Charger Push

Apple has cautioned against the renewed EU push for a common mobile charger, warning that losing its Lightning port will…

2 days ago

US Tells UK It Still Has ‘Significant Concerns’ Over Huawei

With a UK decision on Huawei expected by the end of the month, US officials maintain 'significant concerns' about the…

2 days ago

Apple Fixed Tracking Flaws In Safari, But Google Director Disagrees

Google identified multiple privacy flaws in Apple's Safari browser, which the iPad maker said it has fixed, but a Google…

2 days ago