The European Data Protection Supervisor (EDPS) has found that the European Commission’s use of Microsoft 365 infringes several key data protection rules. The Commission did not sufficiently specify the types of personal data collected and their purposes. The EDPS has imposed corrective measures requiring the Commission to address these compliance issues by December 9, 2024. The Commission must also suspend all data flows resulting from its use of Microsoft 365 to Microsoft and its affiliates located in countries outside the EU/EEA not covered by an EU adequacy decision on data transfers.
Read more at: techcrunch.com