EU raises "serious concerns" over Microsoft's role as data processor

EPDS tells EU organisations that outsourcing any data processing means they’re still responsible

The European Data Protection Supervisor has expressed "serious concerns" that Microsoft may have violated data protection laws through product and service agreements with EU institutions, preliminary results of an investigation have revealed.

The early results follow an initial probe by the Dutch data regulator into the data collection practices of Windows Pro and Windows 10 Home, based on their testing of changes to Microsoft's data collection policies.

After finding issues with Microsoft's data practices in 2018, the Minister of Justice and Security warned users to ditch OneDrive and Office 365 in the interim before demanding changes from the software giant.

Further checks in August of the changes Microsoft had since implemented showed that despite "concrete improvements", the company was still remotely collecting some forms of data from its users. This, according to investigators, constituted a potential violation of the General Data Protection Regulation (GDPR).

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The EDPS, an independent organisation that manages the application of GDPR across the continent, has subsequently weighed in with the results of its own probe into contracts Microsoft has agreed with EU institutions.

The EDPS also organised an EU software and cloud suppliers customer council in the Hague on 29 August, which led to the creation of the Hague Forum.

This collective aims to discuss how to take back control over IT services offered by big tech companies, while establishing how institutions can establish standard contractual terms instead of accepting vendor-led user agreements.

"We expect that the creation of The Hague Forum and the results of our investigation will help improve the data protection compliance of all EU institutions," said assistant EDPS Wojciech Wiewirowski.

"The agreement reached between the Dutch Ministry of Justice and Security and Microsoft on appropriate contractual and technical safeguards and measures to mitigate risks to individuals is a positive step forward.

"Through The Hague Forum and by reinforcing regulatory cooperation, we aim to ensure that these safeguards and measures apply to all consumers and public authorities living and operating in the EEA."

Advertisement - Article continues below

The EDPS also warned that outsourcing the processing of personal data still means organisations are accountable for the activities conducted on their behalf.

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Recommended

Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/cloud/cloud-computing/354767/google-cloud-snaps-up-multi-cloud-analytics-platform-for-26bn
cloud computing

Google Cloud snaps up multi-cloud analytics platform for $2.6bn

13 Feb 2020
Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/cloud/microsoft-azure/354771/microsoft-azure-is-a-testament-to-satya-nadellas-strategic-nouse
Microsoft Azure

Microsoft Azure is a testament to Satya Nadella’s strategic nouse

14 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020