Microsoft’s contracts with European Union (EU) appear to be violating the EU General Data Protection Regulation (GDPR), according to a preliminary conclusion by the European Data Protection Supervisor (EDPS), which is investigating the matter. The EDPS stated that “though the investigation is still ongoing, preliminary results reveal serious concerns over the compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutions using its products and services.”
Last year, the Dutch Ministry of Justice and Security identified issues with how the EU collects ‘functional and diagnostics data’ as a result of its use of Office 365 . It suggested that “until Microsoft takes measures to mitigate these risks, government organisations should refrain from using Office Online and the mobile Office apps included in Office 365 licence.” Microsoft says that it is working on contractual changes to reach compliance under GDPR.
Read more: Microsoft’s EU Contracts ‘Breach GDPR’