European data supervisor investigates Microsoft software used by EU
RUSSELS (Reuters) – The European Union’s data protection supervisor said on Monday it is investigating whether products provided by software giant Microsoft to EU institutions comply with its new data protection rules.
In November the Dutch government raised concerns in a report about the collection of data done through Microsoft ProPlus, which includes popular software such as Microsoft Word writing software and Microsoft Outlook email.
“Any EU institutions using the Microsoft applications investigated in this report are likely to face similar issues to those encountered by national public authorities,” the European Data Protection Supervisor (EDPS) said in a statement.
EDPS said it suspected that institutions using Microsoft Office ProPlus software might face “increased risks to the rights and freedoms of individuals.”
It said it would check which Microsoft applications are used by EU institutions. Its investigation will look into whether the contractual arrangements between the US company and EU institutions to process personal data are “fully compliant” with the new General Data Protection Rules (GDPR) that came into force last year.
EU institutions, such as the European Commission and the European Parliament, rely on Microsoft services and products to carry out their daily activities, the supervisor said.
US lawmakers delay bill on European data privacy deal
Earlier, legislation that would grant US privacy rights to Europeans is being delayed in the US Senate, which may complicate negotiations over a broader trans-Atlantic data transfer pact that faces a January deadline for completion, sources said.
The Judicial Redress Act, which would allow citizens of European allied countries to sue over data privacy in the United States, is “likely to be held” from a scheduled vote on Thursday in the Senate Judiciary Committee, a panel aide said.
Passage of the legislation is viewed as an important step toward securing a new “Safe Harbor” framework after the previous one was struck down by a top European Union court last year amid concerns about US surveillance.
More than 4,000 firms, including tech behemoths such as Google and IBM, have been relying on the 15-year-old Safe Harbor framework to freely transfer data between the United States and Europe, which has far stricter rules on the privacy of personal information.
But that deal was ruled invalid last October by the Court of Justice of the European Union, which cited revelations about US mass surveillance by former National Security Agency contractor Edward Snowden.
European Union data protection authorities have given Brussels and Washington until the end of January to strike a new Safe Harbor agreement for transferring personal data.