Microsoft’s contracts with European Union institutions do not fully protect data in accordance with EU law. This is stated in the preliminary results of the investigation, published today by the European Data Protection Inspector (EDPS). An EDPS investigation was launched in April and is still ongoing.
“Although the investigation is still ongoing, preliminary results give rise to serious concerns about the compliance of contractual terms with data protection rules and the role of Microsoft as a data processor in relation to EU institutions using its products and services,” EDPS said in a statement.
In 2018, the European Union introduced new data protection rules, known as GDPR. Their requirements apply to all companies operating in the EU and are designed to provide people with greater control over the use of their personal data.
“We are committed to helping our customers comply with the GDPR, the 2018/1725 regulation and other relevant laws,” said a Microsoft spokesman. He added that the company is in talks with customers and will soon announce changes to the contracts that will solve the problems affected by EDPS.