Blog page img

Our Blog

Learn About The Latest Issues Facing The Technology and Telecommunications Industries. Subscribe To Our Blog And Get Regular Updates Automatically!

Some of our Satisfied Clients

Startups, SMEs, Public Listed Entities, Multinational Corporations and Government

featured in

European Commission found to have infringed data protection laws

Top view of steel padlock and computer keyboard. Internet security and data protection concept.

The European Data Protection Supervisor revealed that the European Commission has infringed several data protection laws when using Microsoft 365.

The Commission breached the European Union’s (EU) regulation 2018/1725, which handles the data practices of EU bodies, agencies, and offices. Under the regulation, the Commission:

  • Failed to provide appropriate safeguards to ensure that personal data transferred outside the EU and European Economic Area was afforded an equivalent level of protection as is guaranteed within the EU and European Economic Area, and
  • Failed to sufficiently specify what types of personal data were to be collected and for what explicit and specific purpose in its contract with Microsoft for the use of Microsoft 365.

These breaches consisted of 11 infringements against the regulations, with the European Data Protection Supervisor taking several corrective actions against the Commission, including:

  • Suspending all data flows resulting from the Commission’s use of Microsoft 365 to Microsoft and its affiliate and sub-processors located in countries outside the EU and European Economic Area not covered by an adequacy decision, and
  • Bringing all processing operations resulting from the Commission’s use of Microsoft 365 into compliance with the regulation.

The European Data Protection Supervisor has taken a strong stance on these data malpractices to highlight that no matter the size or role of an entity, it will always remain subject to data protection laws within the EU, even when using a common tool such as Microsoft 365.

Compliance with these corrective actions must be demonstrated by the Commission by 9 December 2024.

For a full reading of the media release, see here.

"Stellar Results Through Technology Contract Negotiations"

Are you putting your business at risk with lawyers who don’t understand Technology Contracts?

free book