The European Commissionβs use of Microsoft 365 software has come under scrutiny by the EUβs privacy watchdog.
As first reported by Reuters, the Commissionβs leveraging of Microsoft allegedly breaches privacy rules, while the European Data Protection Supervisor (EDPS) watchdog added that the blocβs executive failed to introduce adequate safeguards for personal data transferred to non-EU or non-European Economic Area (EEA) nations.
The EDPS mandated that the Commission must ensure compliance with privacy regulations and cease data transfers to the American business and its subsidiaries in third countries lacking established privacy agreements with the EU. Both directives were issued with a deadline of December 9.
The EDPS said in a statement:
The Commission has failed to provide appropriate safeguards to ensure that personal data transferred outside the EU/EEA are afforded an essentially equivalent level of protection as guaranteed in the EU/EEA(β¦) In its contract with Microsoft, the Commission did not sufficiently specify what types of personal data are to be collected and for which explicit and specified purposes when using Microsoft 365.β
The EDPS directed the Commission to halt all data transfers stemming from its utilisation of Microsoft 365 to the Redmond-based tech giant and its affiliates and sub-processors situated in countries outside of Europe that are not covered by the EUβs established data adequacy agreements, whose 16 members include the US, UK, Switzerland and South Korea. It was also told to ensure that its use of Microsoft 365 moving forward complies with its privacy rules.
The EDPSβs ruling stemmed from a three-year investigation prompted by worries over the transfer of personal data to the US, initially sparked by revelations in 2013 by former US intelligence contractor Edward Snowden around US surveillance practices.
βConcerns raised by the European Data Protection Supervisor relate largely to stricter transparency requirements under the EUDPR, a law that applies only to the European Union institutions,β a Microsoft spokesperson responded, affirming that it would review the EDPSβ decision and cooperate to manage the concerns.
The European Commission had yet to reply to Reutersβ request for comment.
Microsoft and the European Commission
Microsoft has had a complicated relationship with the European Commission for decades, but the last year has amplified that friction.
In August, Microsoft announced its intention toΒ unbundle Teams from Office 365Β in Europe after pressure from Slack and the European Union to avoid the European Commissionβs recently announced probe into its allegedly anticompetitive practices.
Slack had accused Microsoft of anticompetitive behaviour because the tech giant included Teams in its subscriptions for free rather than charging extra or giving enterprises the ability to buy Office 365 without Teams. The EUβs investigation was confirmed in July after months of swirling rumours.
Microsoft had proposed to unbundle Teams from its software packages and sell them to new customers with an annual discount. However, the European Commission considered this concession too little and too late and was preparing a statement of objections to send to Microsoft.
Microsoft also became under investigation by the European Commission following the introduction of the Digital Markets Act (DMA), which targeted βgatekeepersβ that offered βcore platform servicesβ and potentially underwent uncompetitive business practices.
The Commission was exploring whether Microsoftβs Bing, Edge and Advertising services fall under the remit of the DMA. However, Microsoft has argued that Bing should not tied to the same regulatory conditions as Google as it has only a three percent market share.
More recently, the European Commission has accompanied other antitrust bodies like the UKβs Competition and Markets Authority (CMA) and the USAβs Federal Trade Commission in probing Microsoft and OpenAIβs relationship.
Microsoft has invested roughly $13 billion in OpenAI over the past four years. However, all three regulatory probes come off the back of Novemberβs OpenAI saga, in which its CEO Sam Altman was ousted by its board before being reinstated just four days later following intense pressure from both employees and investors β a melodrama that resulted in Microsoft securing a nonvoting position on OpenAIβs board and its CEO Satya Nadella publicly called for improved governance for the AI startup.
