The European Commission collected and processed personal data in an ambiguous manner, without specifying their type and purpose of use. It was also determined that sufficient security measures were not provided when transferring data outside the EU. Corrective measures include pausing the flow of data to Microsoft 365 until appropriate protective measures are taken.
It is necessary to analyze data transfers and ensure that they are carried out only for tasks within the competence of the supervisory authority. It also requires reviewing contracts with Microsoft to ensure transparency, data processing limitations and suitability for intended use.
EDPS noted that the responsibility for ensuring reliable measures to protect personal data processed in cloud services belongs to the EU institutions. Microsoft and the European Commission have not yet commented on the EDPS findings.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
