EU raises "serious concerns" over Microsoft's role as data processor

EDPS tells EU organisations that outsourcing any data processing means they’re still responsible

The European Data Protection Supervisor has expressed "serious concerns" that Microsoft may have violated data protection laws through product and service agreements with EU institutions, preliminary results of an investigation have revealed.

The early results follow an initial probe by the Dutch data regulator into the data collection practices of Windows Pro and Windows 10 Home, based on their testing of changes to Microsoft's data collection policies.

After finding issues with Microsoft's data practices in 2018, the Minister of Justice and Security warned users to ditch OneDrive and Office 365 in the interim before demanding changes from the software giant.

Further checks in August of the changes Microsoft had since implemented showed that despite "concrete improvements", the company was still remotely collecting some forms of data from its users. This, according to investigators, constituted a potential violation of the General Data Protection Regulation (GDPR).

The EDPS, an independent organisation that manages the application of GDPR across the continent, has subsequently weighed in with the results of its own probe into contracts Microsoft has agreed with EU institutions.

The EDPS also organised an EU software and cloud suppliers customer council in the Hague on 29 August, which led to the creation of the Hague Forum.

This collective aims to discuss how to take back control over IT services offered by big tech companies, while working out how institutions can establish standard contractual terms instead of accepting vendor-led user agreements.

"We expect that the creation of The Hague Forum and the results of our investigation will help improve the data protection compliance of all EU institutions," said assistant EDPS Wojciech Wiewiórowski.

"The agreement reached between the Dutch Ministry of Justice and Security and Microsoft on appropriate contractual and technical safeguards and measures to mitigate risks to individuals is a positive step forward.

"Through The Hague Forum and by reinforcing regulatory cooperation, we aim to ensure that these safeguards and measures apply to all consumers and public authorities living and operating in the EEA."

The EDPS also warned that outsourcing the processing of personal data still means organisations are accountable for the activities conducted on their behalf.
