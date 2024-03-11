The European Commission's reliance on Microsoft software has been deemed a breach of EU privacy rules, with mandated halts on data transfers to the U.S. firm, as per the European Data Protection Supervisor (EDPS).

Advertisment

This comes after a detailed investigation sparked by concerns over the transfer of personal data to the United States, spotlighting the need for stringent privacy safeguards within EU institutions.

Probe Unveils Data Protection Lapses

The EDPS's scrutiny, initiated by the alarming revelations of U.S. mass surveillance by Edward Snowden in 2013, unveiled that the European Commission's contract with Microsoft lacked clarity on the types of personal data collected and the specific purposes for its collection. Furthermore, it highlighted the Commission's failure to prevent the transfer of personal data to countries outside the European Economic Area (EEA) lacking equivalent privacy agreements with the EU.

Advertisment

EDPS Orders Compliance Measures

In response to these findings, the EDPS has mandated the European Commission to suspend all data flows resulting from its use of Microsoft 365 to Microsoft and its international affiliates not covered by EU adequacy decisions. The European Commission is also compelled to ensure its Microsoft 365 usage abides by EU privacy regulations, with a compliance deadline set for December 9. This decision reflects the EDPS's commitment to upholding rigorous data protection standards for the processing of personal data within and outside the EU/EEA.

Microsoft to Collaborate on Addressing Concerns

Advertisment

Microsoft has expressed its intent to closely review the EDPS's decision and collaborate with the EU executive to resolve the pinpointed issues. The company emphasized that the concerns largely pertain to enhanced transparency requirements under the EU's data protection regulation, highlighting a pathway towards rectifying the identified compliance shortfalls.

As this situation unfolds, it underscores the critical importance of robust data protection safeguards and the need for all entities, especially governing bodies, to meticulously manage personal data. The actions taken by the EDPS not only aim to address current breaches but also serve as a stern reminder of the imperative to uphold privacy rights in an increasingly digital world.