The EU Commission has apparently violated the EU data protection guidelines. This is the result of an investigation by the European Data Protection Supervisor. The accusation: When using Microsoft 365, the Commission did not ensure that personal data remained in the EU.

The European Data Protection Supervisor (EDPS) accuses the EU Commission of violating the EU data protection guidelines. When using the Microsoft 365 cloud service, the executive body of the state did not adequately ensure that personal data remained within the EU.

EU data protection guidelines: EU Commission violates its own rules

According to a recent press release, the EDPS initiated a corresponding investigation in May 2021 and has now announced the result.

The demand: The European Commission should ensure that when using Microsoft 365, data no longer flows to Microsoft or partner companies outside the EU.

The European Data Protection Supervisor names December 9, 2024 as the deadline. By then, the EU Commission should prove that it meets the requirements.

Who is the European Data Protection Supervisor?

The European Data Protection Supervisor is an independent EU supervisory authority. The Polish lawyer Wojciech Wiewiórowski has held the position since 2019.

When he took office, he announced that he wanted to take a closer look at the contractual agreements between the Windows company Microsoft and the EU institutions. Wiewiórowski:

It is the responsibility of the EU institutions, bodies, offices and agencies to ensure that any processing of personal data outside and within the EU, including in the context of cloud-based services, is accompanied by robust data protection safeguards and measures.

This is “absolutely necessary” to guarantee that personal data “is protected as required”.

Also interesting:


Leave a Reply

Your email address will not be published. Required fields are marked *