The European Commission’s utilization of Microsoft software has been deemed in violation of EU privacy regulations, announced the EU privacy watchdog on Monday. Additionally, the bloc’s executive body has been criticized for failing to implement adequate safeguards concerning the transfer of personal data to non-EU countries.
The European Data Protection Supervisor (EDPS) has issued a directive for the Commission to take immediate measures to adhere to privacy regulations and cease data transfers to Microsoft and its subsidiaries in third countries lacking privacy agreements with the EU. A deadline of December 9 has been set for compliance with both mandates, reported Reuters.
This decision by the EDPS follows a comprehensive three-year investigation triggered by concerns surrounding the transfer of personal data to the United States, particularly in the wake of revelations made in 2013 by former U.S. intelligence contractor Edward Snowden regarding extensive U.S. surveillance practices.
Related: Microsoft Offers To Charge For Teams In EU To Appease Watchdog
“The Commission has failed to provide appropriate safeguards to ensure that personal data transferred outside the EU/EEA are afforded an essentially equivalent level of protection as guaranteed in the EU/EEA,” stated the watchdog in an official statement. The European Economic Area (EEA) encompasses the 27 EU member states along with Iceland, Liechtenstein, and Norway.
The EDPS further highlighted deficiencies in the Commission’s contract with Microsoft, emphasizing a lack of specification regarding the types of personal data to be collected and for what explicit and specified purposes when utilizing Microsoft 365.
Microsoft 365, comprising Word documents, Excel spreadsheets, PowerPoint presentations, and Outlook emails, is the suite in question. Consequently, the data protection authority has ordered the Commission to suspend all data flows originating from its usage of Microsoft 365 to Microsoft and its affiliates and sub-processors situated in non-European countries lacking adequacy decisions.
Currently, the EU maintains data adequacy agreements with 16 countries, including Argentina, Japan, South Korea, Switzerland, Britain, and the United States.
Source: Reuters
Featured News
FTC Files Suit Against Liquor Giant Southern Glazer’s Over Discount Disparities
Dec 12, 2024 by
CPI
Racing Rivals Accuse NASCAR of Retaliation in High-Stakes Antitrust Battle
Dec 12, 2024 by
CPI
Samsung Challenges Indian Antitrust Investigation, Calls Raid “Unlawful”
Dec 12, 2024 by
CPI
European Sites Criticize Google’s Compliance Efforts with DMA
Dec 12, 2024 by
CPI
Banco BPM Overcomes Regulatory Hurdle in $1.7 Billion Bid
Dec 12, 2024 by
CPI
Antitrust Mix by CPI
Coopetition in The Pharma Industry: Challenges for Antitrust
Dec 12, 2024 by
Juan Delgado & Lourdes Sosa
Symmetry and the Sixth Force: The Essential Role of Complements
Dec 12, 2024 by
Adam Brandenburger & Barry Nalebuff
ESG Collaborations in Light of European Antitrust Policy and Enforcement Trends
Dec 12, 2024 by
Christian Ritz, Julia Gingelmaier & Kyra Harmes
Antitrust Chronicle® – Co-opetition
Dec 11, 2024 by
CPI
Antitrust Chronicle® – Moats & Entrenchment
Nov 29, 2024 by
CPI