THE EUROPEAN DATA PROTECTION SUPERVISOR (EDPS) is to probe cloud and software deals between Microsoft and EU institutions to ensure that they are GDPR compliant.
The EDPS is responsible for overseeing EU institutions to ensure their compliance with data protection rules.
"New data protection rules for the EU institutions and bodies came into force on 11 December 2018," said Wojciech Wiewiórowski, assistant supervisor at the EDPS.
"Regulation 2018/1725 introduced significant changes to the rules governing outsourcing. Contractors now have direct responsibilities when it comes to ensuring compliance.
"However, when relying on third parties to provide services, the EU institutions remain accountable for any data processing carried out on their behalf. They also have a duty to ensure that any contractual arrangements respect the new rules and to identify and mitigate any risks. It is with this in mind that the contractual relationship between the EU institutions and Microsoft is now under EDPS scrutiny."
Ultimately, claims the EDPS, the various institutions of the EU rely on Microsoft to conduct processing of large amounts of personal data. It wants to examine the nature of the contracts between the institutions and Microsoft to assess which software and services are being used, and whether the contractual arrangements are fully compliant with data protection rules.
The investigation follows on from a Data Protection Impact Assessment Report in November 2018 by the Dutch Ministry of Justice and Security.
This examined the transmission of diagnostic data in Microsoft Office 365 ProPlus subscriptions and found that 25,000 'events' in Office 365 were recorded, transmitted and shared among 30 engineering teams at Microsoft.
"Any EU institutions using the Microsoft applications investigated in this report are likely to face similar issues to those encountered by national public authorities, including increased risks to the rights and freedoms of individuals," claimed the EDPS. µ