Microsoft has anounced this week that it was updating the privacy provisions of its commercial cloud contracts. The move follows the discovery by European regulators that its deals with European Union institutions failed to protect data in line with EU law.
The EDPS, the EU’s data watchdog, opened an investigation in April to assess whether Microsoft’s contracts with the European Commission and other EU institutions met data protection rules. It raised concerns about compliance in October.
In a statement on its website addressing the issue, Microsoft said: “We will increase our data protection responsibilities for a subset of processing that Microsoft engages in when we provide enterprise services.”
The company, the only major cloud provider to offer such terms in the European Economic Area and beyond, expects to offer the new provisions to public sector and enterprise customers in early 2020.