Microsoft — Enforcement

majorAnti-PrivacyJan 12, 2024 → Mar 8, 2024Enforcement

Executive Summary

The European Data Protection Supervisor ruled that the European Commission's use of Microsoft 365 infringed EU data protection law. The EDPS found violations of purpose limitation, international data transfer rules, and unauthorized disclosures of personal data. The Commission was ordered to suspend all data flows to Microsoft entities outside the EU/EEA by December 2024.

Post LinkedIn Reddit Email

data-collection eu-compliance data-transfers enforcement

Sources

EDPS: European Commission's use of Microsoft 365 infringes data protection law
TechCrunch: EU's use of Microsoft 365 found to breach data protection rules