The European Data Protection Supervisor found the European Commission's use of Microsoft 365 violates several provisions of EU Regulation 2018/1725, "the EU's data protection law for EU institutions, bodies, offices and agencies." Notably, the Commission allegedly did not provide adequate safeguards to ensure that personal data transferred outside the European Economic Area received the same level of protection once it reached another jurisdiction. The EDPS mandated that the Commission suspend all data flows through its use of Microsoft 365 before 9 Dec.

Editor's note: 11 March 2024, 2:30 pm Eastern Time: The IAPP Daily Dashboard mistakenly reported the violation determined by the EDPS. The violation is corrected above.
12 March 2024
EDPS finds European Commission's use of Microsoft 365 violates EU data protection law