News

EU Commission must remediate Microsoft 365 problems & other privacy rule violation

The European Data Protection Supervisor (EDPS), which oversees EU institutional privacy compliance, found the EU Commission in violation of GDPR through its use of Microsoft 365. This includes neglecting to implement adequate safeguards for data transfer and failing to specify types and purposes for personal data collection. Corrective measures will include suspension of data flows to Microsoft and its affiliates in non-EU/EEA countries that lack adequacy decisions, and aligning data processing with regulations.

More News

Next Article

Italy fines UniCredit $3.1M; investigates OpenAI’s “Sora”

March 12, 2024

Italy’s Garante, one of the EU’s most proactive regulators, has fined the country’s second largest bank, UniCredit, and has launched an investigation of a new OpenAI product. The €2.8 million (~US$3.1 million) UniCredit fine, which the bank plans to appeal, is in response to a 2018 data breach that may have impacted thousands of customers. The OpenAI Sora investigation is to clarify how the new algorithm, which creates short videos from text instructions, is trained, to understand what data it will collect, and to determine compliance with EU regulations.

CDPI Privacy Newsletter
Featured Article

CDP mParticle Sold to Rokt for $300 Million

January 17, 2025

CDP mParticle is being acquired by ecommerce platform Rokt for a price of $300 million.  It’s the third acquisition of a leading independent CDP in a little over one month, following Uniphore’s purchase of ActionIQ and Contentstack’s purchase of Lytics. All three buyers offer some type of customer-facing technology; apparently they’ve decided that adding real-time profiles from CDP will give them a competitive edge.  (See this blog post for more analysis.)

CDPI Newsletter