EU data protection authorities said they have launched an investigation into the compliance of EU institutions’ contracts with Microsoft under the new data privacy rules that came into effect in May last year.
The European Data Protection Supervisor (EDPS), which launched its investigation on Monday (April 8th), said it will try to determine whether the contracts held by the European Commission and the EU’s 69 other institutions comply with the EU’s General Data Protection Rules (GDPR).
“When relying on third parties to provide services, the EU institutions remain accountable for any data processing carried out on their behalf,” said Assistant EDPS Wojciech Wiewiorowski, according to Reuters.
“They also have a duty to ensure that any contractual arrangements respect the new rules and to identify and mitigate any risks,” he said.
The EDPS is able to impose fines of up to 50,000 euros for each infraction, Reuters reported.
Microsoft said it’s ready to assist its customers in the EDPS investigation.
“We are committed to helping our customers comply with GDPR, Regulation 2018/1725, and other applicable laws and are confident that our contractual arrangements allow customers to do so,” Microsoft said.
The EDPS said some of the data protection worries could be similar to Dutch concerns raised last year about the data collected through Microsoft Pro-Plus. This includes Microsoft Outlook and Microsoft Word.
The concerns related to data stored in a database in the US in a way that the Netherlands said posed major risks to users’ privacy. Microsoft had to make changes in order to comply with EU rules.