European privacy watchdog EDPS is taking the European Commission (EC) to task. The EC is alleged to have flouted several data management rules.
The EDPS points out that the EC did not sufficiently consider the data that might end up outside the EU. Now the regulator is demanding that the Commission stop all forms of data traffic toward Microsoft through the use of Microsoft 365 by December 9, 2024. This advice comes on the back of a lengthy investigation that looked at the EC’s compliance with privacy laws. Thus, although Microsoft says it is doing everything it can to comply with European rules around data traffic, the company appears unable to provide sufficient guarantees.
Crucial that personal data remains protected
Wojciech Wiewórowski of the EDPS emphasizes that it is the responsibility of European bodies to comply with privacy legislation. “This is imperative to ensure that individuals’ information is protected, as required by Regulation (EU) 2018/1725, whenever their data is processed by, or on behalf of, an EUI [European Union institution, red.].”
The study started back in May 2021 and followed the Schrems II decision, which complicates data traffic between Europe and U.S. cloud services. After all, legislation in the U.S. ensures that American companies potentially have to make all their data available to investigators, including data from European citizens. Incidentally, Microsoft promises with the Cloud for Sovereignty that Europeans’ data will remain protected, but we highlighted when this was launched a few months ago that the company cannot make that promise at all.
Also read: Microsoft Cloud for Sovereignty isn’t all it’s cracked up to be
20 hours ago
