As DMA takes place, EU Commission ironically breaches privacy rules when using Microsoft's apps

The European Digital Market Act (DMA) has been in place since early March 2024. Gatekeepers, like Microsoft, Apple, and Alphabet (Google’s owner), have been making changes to their products to comply with the new regulation.

Ironically, a new report from a watchdog organization says that the EU Commission has been “breaching privacy rules” of its use of Microsoft’s software. The union’s executive branch is responsible for proposing legislation, among other things.

Per Reuters on Monday, the European Data Protection Supervisor (EDPS) found that the European Commission was not careful enough with how it handled Microsoft 365, the Redmond company’s productivity family apps consisting of Word, Excel, PowerPoint, and more, breaching privacy rules.

EDPS then ordered a crackdown on data transfers to Microsoft for users in non-European countries without strong privacy protections. This stems from privacy concerns raised in 2013 following revelations of U.S. government surveillance practices.

“In its contract with Microsoft, the Commission did not sufficiently specify what types of personal data are to be collected and for which explicit and specified purposes when using Microsoft 365,” the EDPS said.

As a response, Microsoft later stated its intent to review the decision and collaborate with the EU to address the concerns, noting that the issues raised pertain primarily to transparency requirements under EU law applicable to EU institutions.