Privacy Watchdog Probes Amazon, Microsoft EU Contracts
Some Amazon and Microsoft contracts with EU institutions are under investigation for compliance with privacy law, the European Data Protection Supervisor said. It's considering whether the use of cloud services provided by Amazon Web Services and Microsoft under contract to…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
EU agencies, and the European Commission's use of Microsoft Office 365, meet general data protection regulation requirements. The probes are intended to ensure that EU institutions comply with the European Court of Justice decision in Schrems II. In October, the watchdog ordered EU bodies to report on their data transfers to non-EU countries; findings confirmed that institutions increasingly rely on cloud-based software and infrastructure or platform services from large providers, some of which are in the U.S. and subject to law deemed to allow disproportionate surveillance activities by authorities. The EDPS acknowledged that some cloud contracts were signed before the judgment, and that Amazon and Microsoft implemented new systems to align themselves with it. Nevertheless, it said, “these announced measures may not be sufficient to ensure full compliance with EU data protection law and hence the need to investigate this properly.” The goal of the investigation into the use of Microsoft Office 365 is to verify compliance with prior EDPS recommendations on the use of the company's products and services. Microsoft told us it will “actively support the EU institutions to answer questions raised” by the EDPS and is “confident to address any concerns swiftly.” Amazon didn't comment.