The European Commission’s acceptance of Microsoft software violates EU privacy standards, and the bloc’s leadership also failed to implement appropriate safeguards for personal data routed to non-EU states.
The European Commission’s use of Microsoft (MSFT.O) software that opens new tabs violated EU privacy regulations, and the bloc’s executive also failed to adopt necessary safeguards for personal data sent to non-EU nations, according to the EU privacy watchdog on Monday.
The European Data Protection Supervisor (EDPS) has ordered the Commission to take steps to comply with privacy standards and to cease data transfers to the US corporation and its subsidiaries in third countries that do not have privacy agreements with the EU, with a deadline of December 9.
The EDPS’s judgment came after a three-year investigation sparked by concerns about the transfer of personal data to the United States following former US intelligence contractor Edward Snowden’s 2013 allegations of mass US spying.
“The Commission has failed to provide appropriate safeguards to ensure that personal data transferred outside the EU/EEA is afforded an essentially equivalent level of protection as guaranteed in the EU/EEA,” the Information Commissioner’s Office said in a statement.
The EEA (European Economic Area) is made up of the 27 EU members, Iceland, Liechtenstein, and Norway.
“In its contract with Microsoft, the Commission did not sufficiently specify what types of personal data are to be collected and for which explicit and specific purposes when using Microsoft 365,” the European Data Protection Supervisor (EDPS) noted.
The Microsoft 365 software suite comprises Word documents, Excel spreadsheets, PowerPoint presentations, and Outlook emails.
The data protection authority ordered the Commission to halt all data flows resulting from its use of Microsoft 365 to Microsoft, its affiliates, and sub-processors in countries outside Europe that are not covered by an adequacy judgment.
The European Union now has data adequacy agreements with 16 nations, including Argentina, Japan, South Korea, Switzerland, the United Kingdom, and the United States.
The EU executive was also instructed to take steps to ensure that its use of Microsoft 365 is compliant with privacy regulations.
Also read: Women in the technology industry is constantly increasing, says Rajita Bhatnagar
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics.
