Investigation finds Microsoft on the wrong side of the GDPR once again

While Microsoft has been at the forefront of keeping their clients compliant with the 2018 European General Data Protection Regulation, they have had more than their fair share of issues with regulators around their implementations, usually focussed around their telemetry data.

Now the EU General Data Protection Regulation has once again raised concerns as part of its preliminary findings into Microsoft’s contracts with the EU.

“Though the investigation is still ongoing, preliminary results reveal serious concerns over the compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutions using its products and services,” the EDPS said in a statement.

The EDPS is concerned that by dealing with Microsoft European Union institutions do not fully protect data in line with EU law.

They are encouraging technology clients in Europe to work together to make sure the terms of their contracts signed with vendors comply with GDPR, and have opened the Hague Forum to help purchasers collectively discuss the issue.

Microsoft has already spent some money to get closer to compliance, opening European data centres for local data handling and providing new options for telemetry data.

Microsoft for its part was committed to addressing any issues raised by the EDPS, saying:

“We are committed to helping our customers comply with GDPR, Regulation 2018/1725 and other applicable laws. We are in discussions with our customers in the EU institutions and will soon announce contractual changes that will address concerns such as those raised by the EDPS.”

Via Reuters