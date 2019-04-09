Share on Facebook Share on Twitter Share on Google+ Share on LinkedIn +

A number of contractual arrangements between the EU institutions and Microsoft have come under investigation by the European Data Protection Supervisor (EDPS), a relatively new independent supervisory authority for all EU institutions that is responsible for enforcing and monitoring compliance with data protection rules, to ensure consistent data protection.

The EU institutions rely on Microsoft services and products to carry out their daily activities, which includes the processing of large amounts of personal data, or any information relating to a living person including their name, date of birth, email address, telephone number, as well as their IP address and communications history. The EU believes contractual safeguards and risk-mitigating measures must be in place to ensure compliance with the bloc’s data protection regulations.

“Contractors now have direct responsibilities when it comes to ensuring compliance. However, when relying on third parties to provide services, the EU institutions remain accountable for any data processing carried out on their behalf.”, said Wojciech Wiewiórowski from EDPS.

Europe’s data protection regulation coming into force on 11 December 2018 and introduced protection rules that are applicable to the EU institutions and in line with rules for other organisations and businesses operating in the EU

The investigation will assess whether the contractual arrangements concluded between Microsoft and the EU institutions are fully compliant with the existing data protection rules. The EDPS is also responsible for ensuring public awareness of any possible risks if there are any violations.