UPDATED 23:56 EST / OCTOBER 21 2019

POLICY

European Data Protection Supervisor finds Microsoft contracts breach GDPR

Microsoft Corp.’s contracts with European Union institutions are in breach of the EU General Data Protection Regulation, according to preliminary findings published Monday by the European Data Protection Supervisor.

GDPR, which became EU law in May 2018, regulates processing, movement and use of personal data in the EU with allowances for data transfers outside the union. While best known for its penalties when data breaches occur, it also regulates how companies handle data in general. That’s where Microsoft comes into the picture.

The EDPS launched an inquiry into Microsoft’s contracts with the EU in April with a view to considering whether the tech giant was in compliance with GDPR. “Though the investigation is still ongoing, preliminary results reveal serious concerns over the compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutions using its products and services,” the EDPS said in a statement.

Responding to the preliminary findings, a spokesperson for Microsoft told Reuters that “we are committed to helping our customers comply with GDPR, Regulation 2018/1725 and other applicable laws. We are in discussions with our customers in the EU institutions and will soon announce contractual changes that will address concerns such as those raised by the EDPS.”

Although the breach of GDPR appears to be due to contractual issues, the root of the issue may be in part the way Office 365 records data. In November 2018, authorities in the Netherlands claimed that Office 365 breached GDPR because of a “telemetry data collection mechanism.” That mechanism involves Office 365 collecting what was described at the time as “functional and diagnostics data that is usually a standard practice among software developers,” though it included actual content from users’ applications as well.

Microsoft was at the forefront of companies attempting to be GDPR-compliant before its launch, having released data protection tools in February 2018 to assist with compliance.

The EDPS’ findings are preliminary, not final. It is not clear when a final adjudication on the matter will be forthcoming, but the inquiry is ongoing.

