Investing.com UK - Financial Markets Worldwide
🚀 ProPicks AI Hits +34.9% Return!Read Now

EU Commission's use of Microsoft software breached privacy rules, watchdog says

Published 11/03/2024, 09:04
Updated 11/03/2024, 20:25
© Reuters. FILE PHOTO: Smartphone is seen in front of Microsoft logo displayed in this illustration taken July 26, 2021. REUTERS/Dado Ruvic/Illustration/File Photo
MSFT
-

By Foo Yun Chee

BRUSSELS (Reuters) -The European Commission's use of Microsoft (NASDAQ:MSFT) software breached EU privacy rules and the bloc's executive also failed to implement adequate safeguards for personal data transferred to non-EU countries, the EU privacy watchdog said on Monday.

The European Data Protection Supervisor (EDPS) ordered the Commission to take measures to comply with privacy rules and to halt data transfer to the U.S. company and subsidiaries located in third countries which do not have privacy deals with the EU, setting a deadline of Dec. 9 for both orders.

The EDPS's decision followed a three-year probe triggered by worries about the transfer of personal data to the United States following revelations in 2013 by former U.S. intelligence contractor Edward Snowden of mass U.S. surveillance.

"The Commission has failed to provide appropriate safeguards to ensure that personal data transferred outside the EU/EEA are afforded an essentially equivalent level of protection as guaranteed in the EU/EEA," the watchdog said in a statement.

The EEA, or European Economic Area, is made up of the 27 EU countries and Iceland, Liechtenstein and Norway.

"In its contract with Microsoft, the Commission did not sufficiently specify what types of personal data are to be collected and for which explicit and specified purposes when using Microsoft 365," the EDPS said.

Microsoft 365 is the product suite that includes Word documents, Excel spreadsheets, PowerPoint presentations and Outlook emails.

The data protection authority ordered the Commission to suspend all data flows resulting from its use of Microsoft 365 to the company and its affiliates and sub-processors located in countries outside Europe that are not covered by an adequacy decision.

The EU has data adequacy agreements with 16 countries, including Argentina, Japan, South Korea, Switzerland, Britain and the United States.

The Commission did not immediately respond to a request for comment.

Microsoft said it would review the EDPS' decision and work with the EU executive to address the concerns.

© Reuters. FILE PHOTO: Smartphone is seen in front of Microsoft logo displayed in this illustration taken July 26, 2021. REUTERS/Dado Ruvic/Illustration/File Photo

"Concerns raised by the European Data Protection Supervisor relate largely to stricter transparency requirements under the EUDPR, a law that applies only to the European Union institutions," a spokesperson said.

The EU executive was also told to take measures to ensure that its use of Microsoft 365 complies with privacy rules.

Latest comments

Install Our App
Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.