European Commision: Microsoft Compliance in the EU

The European Commission has announced that they have brought their Microsoft 365 system into compliance with the EU data protection rules, specifically Regulation (EU) 2018/1725. This significant achievement follows enforcement proceedings and a thorough investigation by the European Data Protection Supervisor (EDPS).  

The EDPS had previously identified several legal infringements in March 2024, and the Commission has stated it has implemented key improvements:

- Clearly defining the purposes for processing personal data.

- Ensuring that Microsoft handles data solely based on documented instructions.

- International data transfers are now strictly controlled, limiting transfers outside the EU/EEA to countries with equivalent protection or under specific public interest derogations.

- Furthermore, enhanced contractual provisions ensure the Commission is properly notified of any data disclosure requests.  

EDPS Supervisor Wiewiórowski commended the joint effort, highlighting it as a "meaningful and shared success." This compliance sets a strong precedent, and the EDPS urges other EU institutions using Microsoft 365 to adopt similar robust data protection measures.

Read more