RSS   Newsletter   Contact   Advertise with us

EU data watchdog raises concerns over Microsoft contracts with EU institutions

Share on Twitter Share on LinkedIn
Christian Fernsby ▼ | October 21, 2019
Cooperation between public authorities in the Member States, EU institutions and other international organisations is essential to ensure that contractual arrangements and measures with Microsoft provide the same level of protection for individual rights throughout the European Economic Area (EEA).
Europe   The European Data Protection Supervisor (EDPS) launched an investigation into Mi
Amended contractual terms, technical safeguards and settings agreed between the Dutch Ministry of Justice and Security and Microsoft to better protect the rights of individuals shows that there is significant scope for improvement in the development of contracts between public administration and the most powerful software developers and online service outsourcers.

Topics: Microsoft institution contract

The EDPS is of the opinion that such solutions should be extended not only to all public and private bodies in the EU, which is our short-term expectation, but also to individuals, the Assistant EDPS said today.

In April 2019, the European Data Protection Supervisor (EDPS) launched an investigation into the use of Microsoft products and services by EU institutions.

The investigation identified the Microsoft products and services used by the EU institutions and assessed whether the contractual agreements concluded between Microsoft and the EU institutions are fully compliant with data protection rules.

The EDPS also considered whether there were appropriate measures in place to mitigate risks to the data protection rights of individuals when EU institutions use Microsoft products and services.

Though the investigation is still ongoing, preliminary results reveal serious concerns over the compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutions using its products and services.

Similar risk assessments were carried out by the Dutch Ministry of Justice and Security confirmed that public authorities in the Member States face similar issues.

Together with the Dutch Ministry of Justice and Security, the EDPS organised the first EU software and cloud suppliers customer council in The Hague on 29 August 2019, where participants established The Hague Forum, which aims to discuss both how to take back control over the IT services and products offered by the big IT service providers and the need to collectively create standard contracts instead of accepting the terms and conditions as they are written by these providers.

The EDPS encourages all concerned parties to join the Forum and help us to set fair contractual terms for public administration, working in synergy and exchanging best practices in outsourcing services, especially in the demamding cloud environment.