Microsoft’s contracts with European institutions don’t respect EU’s latest rules on data protections such as GDPR, the European Data Protection Supervisor said today (via Reuters). EDPS opened this new investigation in April and worked with the Dutch ministry of Justice, which ran a similar inquiry back in June.
“Though the investigation is still ongoing, preliminary results reveal serious concerns over compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutions using its products and services,” the EDPS said in a statement.
GDPR data protection rules, which aim to to give consumers in the EU more over their personal data, went into effect back in May 2018. Microsoft emphazised their support for user privacy ahead of GDPR’s implementation date, but the company can apparently do better and is willing to do so. Some changes are coming according to a statement from a Microsoft spokesperson.
“We are committed to helping our customers comply with GDPR, Regulation 2018/1725 and other applicable laws,” a Microsoft spokesman said. “We are in discussions with our customers in the EU institutions and will soon announce contractual changes that will address concerns such as those raised by the EDPS.”