This news may reflect the seriousness of the European Union’s digital law enforcement process, as the European Data Protection Supervisor (EDPS) disclosed a report revealing that the European Commission (EC) violated its own data protection rules by using Microsoft 365 without specifying data storage methods with Microsoft.
The report indicated that the Commission could not sufficiently detail which personal data was being stored and for what purposes, including information about users in the EU being sent back to the United States. The EC started using Microsoft 365 in May 2021.
EDPS issued a directive for the EC to collaborate with Microsoft, prohibiting the export of usage data outside the EU, as it did not comply with EU requirements. They are also reviewing contracts for new data management practices by December 9.
On the EC’s side, they stated that they have started improving their data management issues since EDPS began investigating late last year. They are conducting a thorough review of all software usage to ensure compliance with regulations, particularly in cases where mobile apps and IT connectivity services may not have been adequately assessed.
Source: TechCrunch
TLDR: The European Commission’s use of Microsoft 365 without proper data storage methods led to a violation of data protection rules, prompting the European Data Protection Supervisor to intervene and demand collaboration with Microsoft to ensure compliance with EU regulations.
Leave a Comment