Data protection: Microsoft 365 is a problem for the EU Commission

The work of officials in the EU Commission also largely takes place at a desk and on a PC. Microsoft 365, probably the most popular Office program, is used in many areas. But this is now causing quite a stir in Brussels. After all, none other than the EU Data Protection Commissioner has expressed serious concerns about the use of Word, Excel, PowerPoint and the like.

Data protection officer has concerns

Drinking wine and preaching water? Malicious tongues may well want to throw this at the EU Commission when it comes to data protection. At the very least, the EU executive body does not appear to be all that secure when it comes to data protection, as the latest findings have now brought to light. The European Data Protection Supervisor (EDPS), Wojciech Wiewiórowski, claims to have identified various breaches in connection with Microsoft 365. In the context of cloud use, there are said to be uncertainties as to whether sensitive data is not being sent across the pond.

It is an important requirement that personal data is really only processed within the European Union. Naturally, the use of such data is a source of irritation for the EDPS. In a press release, the EDPS has now made public the fact that data protection is inadequate. The problem does not appear to be new for the data protection expert. After all, the investigation is said to have begun almost three years ago. There is now a need for action on the part of the Commission. The EDPS has set it a deadline of 9.12.24 to rectify the shortcomings.

Microsoft 365 Cloud data does not remain in the EU

For the EU Commission, this now means a lot of stress. After all, it has two options. The most stressful, but safest, option is probably to move away from Microsoft 365. However, such a major software changeover is associated with various challenges in such a large authority and would certainly take many months. Alternatively, it can ensure that personal data is no longer transferred to other EU countries.

Once the deadline has expired, the Commission has a burden of proof. If one follows the statements of the EDPS, it becomes clear that the Commission has caused the problem itself. After all, it could have already stipulated in the contract with Microsoft that only certain data may be processed by Microsoft. Now one can only hope that the Commission will act quickly. After all, the recent cyberattacks on Microsoft make the whole thing taste even more bitter.