The European Data Protection Supervisor (EDPS) is keenly examining the European Commission’s adherence to data protection compliance concerning their deployment of Microsoft 365. This measure forms part of a larger effort to ensure that personal data processed by EU institutions adhere to the stringent protections established within Regulation (EU) 2018/1725.
Key Insights:
– EDPS Compliance Investigation: On 6 December 2024, the European Commission submitted a compliance report to the EDPS, following directives issued on 8 March 2024. This submission is under thorough analysis as the EDPS assesses whether the Commission has met the necessary compliance benchmarks.
– Suspension and Compliance Orders: The EDPS ordered a suspension of data flows linked to Microsoft 365 to regions outside the EU/EEA not shielded by an adequacy decision. Additionally, the Commission is required to align its processing activities with specified compliance guidelines.
– Regulatory Framework and Judicial Context: This ongoing investigation is underpinned by Regulation (EU) 2018/1725, the applicable legal framework for data protection within EU institutions. The EDPS’ decision remains active, although it is currently contested in court proceedings (Cases T-262/24 and T-265/24), limiting further comments from the EDPS at this time.
The EDPS is steadfast in its approach to monitoring compliance in data processing by EU entities, ensuring a rigorous assessment of the European Commission’s use of Microsoft 365. This meticulous analysis is integral to safeguarding data integrity amidst the evolving technological landscape.
For further reading and detailed documentation, visit the original source link: [EDPS Press Release](https://www.edps.europa.eu/press-publications/press-news/press-releases/2024/edps-follows-compliance-european-commissions-use-microsoft-365_en).