European Commission found in violation of EU law over Microsoft 365 use

The European Commission’s usage of Microsoft 365 is in breach of EU privacy rules, the European Data Protection Supervisor (EDPS) said on Monday.

In a statement, the EDPS said that it had found that the commission had infringed several parts of the EU’s data protection law for EU institutions, bodies, offices and agencies (EUIs), including those on transfers of personal data outside the EU/European Economic Area (EEA).

It said that the commission has failed to provide appropriate safeguards to ensure that personal data transferred outside the EU/EEA are afforded an essentially equivalent level of protection as guaranteed in the EU/EEA, and that it failed to specify what types of data are to be collected and for what purpose in the commission’s contract with Microsoft.

The European Commission has been ordered to suspend all data flows resulting from its use of Microsoft 365 to Microsoft and to its affiliates and sub-processors located in countries outside the EU/EEA not covered by an adequacy decision, and to bring processing operations resulting from its use of Microsoft 365 into compliance. The EU has adequacy agreements with 16 countries including the UK and US.

The commission has been given a 9 December deadline to demonstrate compliance with both orders.

Wojciech Wiewiórowski, EDPS, said: “It is the responsibility of the EUIs to ensure that any processing of personal data outside and inside the EU/EEA, including in the context of cloud-based services, is accompanied by robust data protection safeguards and measures. This is imperative to ensure that individuals’ information is protected, as required by Regulation (EU) 2018/1725, whenever their data is processed by, or on behalf of, an EUI.”



Share Story:

Recent Stories


The future-ready CFO: Driving strategic growth and innovation
This National Technology News webinar sponsored by Sage will explore how CFOs can leverage their unique blend of financial acumen, technological savvy, and strategic mindset to foster cross-functional collaboration and shape overall company direction. Attendees will gain insights into breaking down operational silos, aligning goals across departments like IT, operations, HR, and marketing, and utilising technology to enable real-time data sharing and visibility.

The corporate roadmap to payment excellence: Keeping pace with emerging trends to maximise growth opportunities
In today's rapidly evolving finance and accounting landscape, one of the biggest challenges organisations face is attracting and retaining top talent. As automation and AI revolutionise the profession, finance teams require new skillsets centred on analysis, collaboration, and strategic thinking to drive sustainable competitive advantage.