An investigation by the European Data Protection Supervisor (EDPS) mentions that Microsoft’s current agreements are not in conformity with the GDPR. As a result, the tech giant needs to update its agreements post haste. Microsoft accepted the ruling, and the company’s chief privacy officer, Julie Brill, announced that they had heard similar feedback from their customers regarding their Online Service Terms (OST).
The changes, as announced by Brill, include improvements to privacy policies that wouldn’t only affect EU-based customers, but all users around the world. Within the EU, the updated OTS intends to introduce added layers of transparency for data being processed within the Microsoft Cloud. Brill further went on to state that these changes were based on experience that Microsoft had with the Dutch Ministry of Justice and Security.
Personal Data Protection Rules Setting the Stage
Signed into law in May 2018, the GDPR is a sweeping bit of legislation that deals with all companies operating within the EU that have access to individual user data, and how they are allowed to use that data. It also includes the security measures a company with access to that data should have in place. In its ruling, the EDPS noted that Microsoft’s cloud served as a central processor for data to many European companies and governments. As a result, the contractual safeguards and mitigation of risk that the tech giant presented to its clients should conform to new regulations that were ratified in December of 2018.
The EDPS continues that it intends to investigate Microsoft’s contractual agreements with EU institutions and whether completed contracts between the company and any organizations within the EU conformed to the data and protection rules outlined in the GDPR. It is expected that Microsoft’s dedication to providing transparent operations regarding its cloud processing service and complying with governmental regulations will help the company garner further contracts within the EU going forward.