The European Data Protection Supervisor (EDPS) has instructed the European Commission (EC) to stop usiThe European Data Protection Supervisor (EDPS) has instructed the European Commission (EC) to stop using Microsoft products. This decision follows an investigation revealing several data protection law violations by the EC when using Microsoft 365.
In its ruling, the EDPS emphasized that the EC must suspend data flows to Microsoft and its non-EU-based sub-processors. The deadline for compliance is December 9, 2024.
Key Findings of the EDPS Investigation
The EDPS highlighted several critical issues with how the EC handled Microsoft 365:
- Non-EU Data Transfers
The EC failed to ensure that data processed outside the EU is as secure as data within the region. - Unclear Contracts
Microsoft’s contracts with the EC lack transparency. They do not clearly specify which personal data is collected or why it is collected. - Wide Impact
The EDPS noted that almost all operations involving Microsoft 365 violated data protection laws. These issues impact a large number of individuals.
Wiewiórowski’s Statement on Microsoft Data Protection Issues
Wojciech Wiewiórowski, the EDPS, stressed the responsibility of EU institutions to uphold data protection standards. He stated,
“EU institutions must ensure robust safeguards for personal data processed both inside and outside the EU. This is essential to comply with Regulation (EU) 2018/1725.”
Learn more about EU data protection regulations.
The Broader Implications
The EDPS ruling highlights the importance of prioritizing data security. The upcoming NIS2 directive, set to take effect in late 2024, will reinforce these standards. Organizations must take proactive steps to avoid similar violations.
How vBoxx Can Help
Looking for a secure alternative? At vBoxx, we prioritize privacy and security. Our services include cloud storage, email hosting, video conferencing, password management, and more.
With our EU-based data center and no use of sub-processors, we ensure that your data stays private and protected. Whether you’re a small business or a large organization, we can help you stay compliant with EU data protection laws.
Ready to take control of your data privacy? Contact us today!