With rival U.S. tech firms falling one-by-one to increased antitrust scrutiny at home and in the EU, Microsoft has remained largely unscathed. But a preliminary report by the European Data Protection Supervisor, an EU-based data watchdog, suggests that it could still run into some legal issues in Europe.
“Though the investigation is still ongoing, preliminary results reveal serious concerns over the compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutions using its products and services,” an EDPS statement issued Monday reads.
The EDPS launched a preliminary investigation into the EU’s use of Microsoft products and services in April to determine whether its contracts with various EU institutions comply with the block’s data protection rules, in particular, the General Data Protection Regulation (GDPR). Today’s statement suggests that they are not, though there are no further details.
“When relying on third parties to provide services, the EU institutions remain accountable for any data processing carried out on their behalf,” the EDPS’ Wojciech Wiewiorowski said back in April. “They also have a duty to ensure that any contractual arrangements respect the new rules and to identify and mitigate any risks.”
Microsoft has been assisting the investigation, and it has made changes in the past, as with a 2018 Dutch case concerning Office 365 ProPlus, to comply with EU data protection rules.