[08.04.2019 – 01:55 CET] A Microsoft spokesperson reached out to us and offered a statement about the investigation. The company does not go into detail but says it is committed to the privacy of its customers in Europe and complying with GDPR:
“We are committed to helping our customers comply with GDPR, Regulation 2018/1725, and other applicable laws and are confident that our contractual arrangements allow customers to do so. We stand ready to help our customers answer any questions the European Data Protection Supervisor may have.”
[08.04.2019 – 17:45 CET] While the European Commission is tough on all tech companies, Microsoft largely escapes the attention the regulatory body shows to serial offenders like Google, Facebook, and Amazon. However, the EU’s data protection supervisor has said it is investigating Microsoft’s software in EU institutions.
Specifically, the European Commission will see if Microsoft’s solutions used by governments in the European Union comply with its GDPR regulations.
Europe’s General Data Protection Regulations (GDPR) have been active since earlier this year. The new strict laws to prevent companies engaging in anti-competitive behavior. Last November, the Dutch government questioned the collection of data through Microsoft ProPlus. This is a bundle of solutions that includes Outlook and Word.
“Any EU institutions using the Microsoft applications investigated in this report are likely to face similar issues to those encountered by national public authorities,” the European Data Protection Supervisor (EDPS) said in a statement.
Furthermore, the EDPS believes institutions using Microsoft ProPlus may be increasing “risks to the rights and freedoms of individuals.”
A check will be made on the company’s apps. Investigators will look at whether contracts between Microsoft and EU groups are “fully compliant with GDPR.
The investigation will include looking into software used by the European Commission itself and the European Parliament, both of which use MS Office services.
Dutch authorities say a telemetry data function in Microsoft Office breaks GDPR rules. The investigators go as far as to say Microsoft has participated in a “large scale and covert collection of personal data” through Office 2016 and Office 365.
Eight points of interest have been identified, including a lack of option to turn off Microsoft Office telemetry data collection. Furthermore, the investigators say they were unable to find any documentation highlighting what data Microsoft gathers.