The European Commission’s utilization of Microsoft software has been deemed in violation of EU privacy regulations, announced the EU privacy watchdog on Monday. Additionally, the bloc’s executive body has been criticized for failing to implement adequate safeguards concerning the transfer of personal data to non-EU countries.
The European Data Protection Supervisor (EDPS) has issued a directive for the Commission to take immediate measures to adhere to privacy regulations and cease data transfers to Microsoft and its subsidiaries in third countries lacking privacy agreements with the EU. A deadline of December 9 has been set for compliance with both mandates, reported Reuters.
This decision by the EDPS follows a comprehensive three-year investigation triggered by concerns surrounding the transfer of personal data to the United States, particularly in the wake of revelations made in 2013 by former U.S. intelligence contractor Edward Snowden regarding extensive U.S. surveillance practices.
Related: Microsoft Offers To Charge For Teams In EU To Appease Watchdog
“The Commission has failed to provide appropriate safeguards to ensure that personal data transferred outside the EU/EEA are afforded an essentially equivalent level of protection as guaranteed in the EU/EEA,” stated the watchdog in an official statement. The European Economic Area (EEA) encompasses the 27 EU member states along with Iceland, Liechtenstein, and Norway.
The EDPS further highlighted deficiencies in the Commission’s contract with Microsoft, emphasizing a lack of specification regarding the types of personal data to be collected and for what explicit and specified purposes when utilizing Microsoft 365.
Microsoft 365, comprising Word documents, Excel spreadsheets, PowerPoint presentations, and Outlook emails, is the suite in question. Consequently, the data protection authority has ordered the Commission to suspend all data flows originating from its usage of Microsoft 365 to Microsoft and its affiliates and sub-processors situated in non-European countries lacking adequacy decisions.
Currently, the EU maintains data adequacy agreements with 16 countries, including Argentina, Japan, South Korea, Switzerland, Britain, and the United States.
Source: Reuters
Featured News
Big Tech Braces for Potential Changes Under a Second Trump Presidency
Nov 6, 2024 by
CPI
Trump’s Potential Shift in US Antitrust Policy Raises Questions for Big Tech and Mergers
Nov 6, 2024 by
CPI
EU Set to Fine Apple in First Major Enforcement of Digital Markets Act
Nov 5, 2024 by
CPI
Six Indicted in Federal Bid-Rigging Schemes Involving Government IT Contracts
Nov 5, 2024 by
CPI
Ireland Secures First €3 Billion Apple Tax Payment, Boosting Exchequer Funds
Nov 5, 2024 by
CPI
Antitrust Mix by CPI
Antitrust Chronicle® – Remedies Revisited
Oct 30, 2024 by
CPI
Fixing the Fix: Updating Policy on Merger Remedies
Oct 30, 2024 by
CPI
Methodology Matters: The 2017 FTC Remedies Study
Oct 30, 2024 by
CPI
U.S. v. AT&T: Five Lessons for Vertical Merger Enforcement
Oct 30, 2024 by
CPI
The Search for Antitrust Remedies in Tech Leads Beyond Antitrust
Oct 30, 2024 by
CPI