European Commission’s use of Microsoft 365 infringes data protection law for EU institutions and bodies (www.edps.europa.eu)

submitted 6 months ago by JRepin@lemmy.ml to c/europe@lemmy.ml

9 comments fedilink hide all child comments

Following its investigation, the EDPS has found that the European Commission (Commission) has infringed several key data protection rules when using Microsoft 365. In its decision, the EDPS imposes corrective measures on the Commission.

The EDPS has found that the Commission has infringed several provisions of Regulation (EU) 2018/1725, the EU’s data protection law for EU institutions, bodies, offices and agencies (EUIs), including those on transfers of personal data outside the EU/European Economic Area (EEA).

you are viewing a single comment's thread
view the rest of the comments

[-] maynarkh@feddit.nl 15 points 6 months ago

Does this mean they will ditch Msft or just that they need to click a few checkboxes?

[-] JRepin@lemmy.ml 19 points 6 months ago

They should ditch them for so many other reasons too. Also Public Money, Public Code. Al public institutions should only use libre and opensurce software. The only way to preserve privacy, freedom, and digital sovereignty.

[-] CaptObvious@literature.cafe 8 points 6 months ago

Some European entities have already jumped to LibreOffice. It’s a European-made drop-in replacement. I’m surprised at them not simply ordering the Commission to switch immediately.

[-] joeldebruijn@lemmy.ml 3 points 6 months ago

LibreOffice by itself isn't a drop in replacement for Office365.

LibreOffice + NextCloud + Jitsi/Bluebutton + Grafana + bunch of other services together could be.

If NextCloud does the storage / mail / calendaring/ contacts / tasks / notes etc.

And if the hoster ties some loose ends for Forms, Powerautomate, Kanban oh and everything Azure.

[-] RedstoneValley@sh.itjust.works 2 points 6 months ago

Nextcloud? As an enterprise grade solution? That's just ridiculous, sorry.

[-] joeldebruijn@lemmy.ml 2 points 6 months ago

Then we can safely agree just LibreOffice alone and by itself is even more "ridiculous" I think.

Also "could be" icw "loose ends" carry a lot of weight I think.

Also Enterprise differ in requirements so there are organizations for which current NC would suffice.

[-] BrikoX@lemmy.zip 8 points 6 months ago

At least temporarily, yes.

The EDPS has therefore decided to order the Commission, effective on 9 December 2024, to suspend all data flows resulting from its use of Microsoft 365 to Microsoft and to its affiliates and sub-processors located in countries outside the EU/EEA not covered by an adequacy decision. The EDPS has also decided to order the Commission to bring the processing operations resulting from its use of Microsoft 365 into compliance with Regulation (EU) 2018/1725. The Commission must demonstrate compliance with both orders by 9 December 2024.

Source: https://www.edps.europa.eu/system/files/2024-03/EDPS-2024-05-European-Commission_s-use-of-M365-infringes-data-protection-rules-for-EU-institutions-and-bodies_EN.pdf

this post was submitted on 11 Mar 2024

99 points (100.0% liked)

Europe

3871 readers

37 users here now

Europa

founded 5 years ago

MODERATORS

AdAstra@lemmy.ml