The European Data Protection Supervisor (EDPS) warns governments about Microsoft products and services. The privacy watchdog writes in a press release that government institutions of EU member states may not comply with privacy legislation if they use the services of Microsoft.
The EDPS writes this message in response to an ongoing investigation into the risks to the privacy of European citizens when government agencies use Microsoft services. The provisional conclusion of the regulator is that the contracts between Microsoft and government institutions do not sufficiently guarantee the data protection of European citizens.
The regulator hereby cites an investigation from June 2019 by the Dutch Ministry of Justice and Security. This showed that various Microsoft products collected too much data from users.
Microsoft then had to make the necessary adjustments to their software. This involved Windows 10 and Microsoft Office. The EDPS writes that government institutions in other member states should also be keen on this and that they may not yet comply with privacy legislation due to the use of Microsoft software.
To better protect the privacy of European citizens, the EDPS has established a forum where Member States can consult on the use of software.