It's easy for EU data protection authorities to just sit down and write a bunch of data protection rules, call them GDPR, sit back and watch businesses all over the world struggle to comply.
What about the EU's own institutions? They, too, are using cloud-based services. They, too, are generating tons of user data on EU citizens. Shouldn't they, too, comply with GDPR?
That is why EU data protection authorities have launched a probe to see if the European Commission and other EU institutions comply with GDPR in the software agreements they have with Microsoft.
The investigation will analyse Microsoft's products and services which the EU institutions use at the moment, and conclude whether or not the agreements the two parties have are GDPR-compliant.
“When relying on third parties to provide services, the EU institutions remain accountable for any data processing carried out on their behalf,” said Assistant EDPS Wojciech Wiewiorowski. “They also have a duty to ensure that any contractual arrangements respect the new rules and to identify and mitigate any risks,” he said.
Microsoft commented shortly on the news, saying it was ready and willing to assist in the assessment.
GDPR, or General Data Protection Regulation, is a year-old piece of legislation drafted by the European Union, which aims to protect the private data of EU citizens. Data privacy has become a hot topic in the past couple of years, with the media frequently reporting on large companies being breached or hiding breaches, while hackers sell the data on the black market or use it for identity theft, credit card theft and many other types of criminal activity.