EU Commission must remediate Microsoft 365 problems & other privacy rule violation
The European Data Protection Supervisor (EDPS), which oversees EU institutional privacy compliance, found the EU Commission in violation of GDPR through its use of Microsoft 365. This includes neglecting to implement adequate safeguards for data transfer and failing to specify types and purposes for personal data collection. Corrective measures will include suspension of data flows to Microsoft and its affiliates in non-EU/EEA countries that lack adequacy decisions, and aligning data processing with regulations.