EU software deals with Microsoft under scrutiny
The investigation will assess whether contractual agreements between the EU institutions and Microsoft are compliant with data protection rules.
A new regulation introduced in December 2018 means EU bodies must comply with the same data protection rules regarding the outsourcing of data processing as other EU organisations and businesses, as set by the General Data Protection Regulation (GDPR).
The move follows the publication of a data protection impact assessment report, commissioned by the Dutch Ministry of Justice and Security, which found that data provided by and about users was being gathered through certain Microsoft applications and stored in a US database in a way that posed risks to user privacy.
Wojciech Wiewiórowski, assistant European data protection supervisor (EDPS), said: “New data protection rules for the EU institutions and bodies came into force on 11 December 2018. Contractors now have direct responsibilities when it comes to ensuring compliance.
“However, when relying on third parties to provide services, the EU institutions remain accountable for any data processing carried out on their behalf. They also have a duty to ensure that any contractual arrangements respect the new rules and to identify and mitigate any risks. It is with this in mind that the contractual relationship between the EU institutions and Microsoft is now under EDPS scrutiny.”

We hope you enjoyed this article.
Research Live is published by MRS.
The Market Research Society (MRS) exists to promote and protect the research sector, showcasing how research delivers impact for businesses and government.
Members of MRS enjoy many benefits including tailoured policy guidance, discounts on training and conferences, and access to member-only content.
For example, there's an archive of winning case studies from over a decade of MRS Awards.
Find out more about the benefits of joining MRS here.
0 Comments