The European Commission’s utilization of Microsoft software has been deemed in violation of EU privacy regulations, announced the EU privacy watchdog on Monday. Additionally, the bloc’s executive body has been criticized for failing to implement adequate safeguards concerning the transfer of personal data to non-EU countries.
The European Data Protection Supervisor (EDPS) has issued a directive for the Commission to take immediate measures to adhere to privacy regulations and cease data transfers to Microsoft and its subsidiaries in third countries lacking privacy agreements with the EU. A deadline of December 9 has been set for compliance with both mandates, reported Reuters.
This decision by the EDPS follows a comprehensive three-year investigation triggered by concerns surrounding the transfer of personal data to the United States, particularly in the wake of revelations made in 2013 by former U.S. intelligence contractor Edward Snowden regarding extensive U.S. surveillance practices.
Related: Microsoft Offers To Charge For Teams In EU To Appease Watchdog
“The Commission has failed to provide appropriate safeguards to ensure that personal data transferred outside the EU/EEA are afforded an essentially equivalent level of protection as guaranteed in the EU/EEA,” stated the watchdog in an official statement. The European Economic Area (EEA) encompasses the 27 EU member states along with Iceland, Liechtenstein, and Norway.
The EDPS further highlighted deficiencies in the Commission’s contract with Microsoft, emphasizing a lack of specification regarding the types of personal data to be collected and for what explicit and specified purposes when utilizing Microsoft 365.
Microsoft 365, comprising Word documents, Excel spreadsheets, PowerPoint presentations, and Outlook emails, is the suite in question. Consequently, the data protection authority has ordered the Commission to suspend all data flows originating from its usage of Microsoft 365 to Microsoft and its affiliates and sub-processors situated in non-European countries lacking adequacy decisions.
Currently, the EU maintains data adequacy agreements with 16 countries, including Argentina, Japan, South Korea, Switzerland, Britain, and the United States.
Source: Reuters
Featured News
Trump Nominates Olivia Trusty for FCC Commissioner Role Ahead of Inauguration
Jan 16, 2025 by
CPI
Lawyers Claim eXp’s Settlement Tactics Hurt Antitrust Case Potential
Jan 16, 2025 by
CPI
Amex GBT Pushes Back Against DOJ Lawsuit Over CWT Acquisition
Jan 16, 2025 by
CPI
Belgium Opens Antitrust Probe into AB InBev’s Market Practices
Jan 16, 2025 by
CPI
Tech Groups Sue CFPB Over New Rule on Digital Wallet Oversight
Jan 16, 2025 by
CPI
Antitrust Mix by CPI
Antitrust Chronicle® – CRESSE Insights
Dec 19, 2024 by
CPI
Effective Interoperability in Mobile Ecosystems: EU Competition Law Versus Regulation
Dec 19, 2024 by
Giuseppe Colangelo
The Use of Empirical Evidence in Antitrust: Trends, Challenges, and a Path Forward
Dec 19, 2024 by
Eliana Garces
Some Empirical Evidence on the Role of Presumptions and Evidentiary Standards on Antitrust (Under)Enforcement: Is the EC’s New Communication on Art.102 in the Right Direction?
Dec 19, 2024 by
Yannis Katsoulacos
The EC’s Draft Guidelines on the Application of Article 102 TFEU: An Economic Perspective
Dec 19, 2024 by
Benoit Durand