The European Data Protection Supervisor revealed on 21 October that preliminary results of its investigation into Microsoft contracts with EU institutions show serious issues over compliance with data protection rules.

When using the products of IT service providers, EU institutions outsource the processing of large amounts of personal data. As transparency is vital to ensuring data and consumer protection in contractual agreements, they must have appropriate safeguards to mitigate the risks.

The authority had launched an investigation in April into the use of Microsoft products and services by EU institutions, which is still ongoing. The EDPS revealed that its preliminary results show concerns over the compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutions using its products.