Data Protection Rules Breached: EU’s Utilization of Microsoft 365 Unveiled
A lengthy investigation into the European Union’s use of Microsoft 365 has found the Commission breached the bloc’s data protection rules through its use of the cloud-based productivity software.
Announcing its decision in a press release today, the European Data Protection Supervisor (EDPS) said the Commission infringed “several key data protection rules when using Microsoft 365”.
The regulator, which oversees’ EU institutions’ compliance with data protection rules, opened a probe of the Commission’s use of Microsoft 365 and other US cloud services back in May 2021.
Yet use of Microsoft 365 routinely results in data flowing back to Microsoft’s servers in the US.
Over the last few years, Microsoft has responded to amped up EU regulatory risk attached to data transfers by expanding a data localization effort focused on regional cloud customers — in an infrastructure it’s branded the “EU Data Boundary for the Microsoft Cloud”.