EU contracts with Microsoft raising “serious” data concerns, says watchdog

Europe’s chief data protection watchdog has raised concerns over contractual arrangements between Microsoftand the European Unioninstitutions which are making use of its software products and services.

The European Data Protection Supervisor (EDPS) opened an enquiry into the contractual arrangements between EU institutions and the tech giant this April, following changes to rules governing EU outsourcing.

Today it writes [with emphasis]: “Though the investigation is still ongoing, preliminary results revealserious concerns over the compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutionsusing its products and services.”

We’ve reached out to Microsoft for comment.

A spokesperson for the company told Reuters: “We are committed to helping our customers comply with GDPR [General Data Protection Regulation], Regulation 2018/1725 and other applicable laws. We are in discussions with our customers in the EU institutions and will soon announce contractual changes that will address concerns such as those raised by the EDPS.”

The preliminary finding follows risk assessments carried out by the Dutch Ministry of Justice and Security, published this summer, which also found similar issues, per the EDPS.

At issue is whether contractual terms are compatible with EU data protection laws intended to protect individual rights acr