The European Data Protection Supervisor (EDPS) announced on Monday 8 April that it had opened an investigation into the compliance of contractual agreements between Microsoft and the European institutions with the rules on the processing of personal data by EU bodies (see EUROPE 12025/5), which entered into force on 11 December 2018.
In its press release, the EDPS refers to an impact assessment report on Microsoft Office ProPlus software, commissioned by the Dutch Ministry of Justice and Security in November 2018.
The report in question revealed a large-scale collection of personal data by Microsoft, without properly informing its users, through Office.
"Any EU institutions using the Microsoft applications investigated in this report are likely to face similar issues to those encountered by national public authorities, including increased risks to the rights and freedoms of individuals", the EDPS explained.
The EU institutions rely on Microsoft services and products to carry out their daily activities, including the processing of large amounts of personal data, he stressed.
The survey will therefore assess which Microsoft products and services are currently used by the EU institutions and whether the contractual agreements concluded are in full compliance with EU data protection rules. (Original version in French by Marion Fontana)