The controversy over the use of Microsoft 365 by the EU Commission and its subordinate authorities is reaching a fever pitch. EU data protection officer Wojciech Wiwiorowski found in March that a Brussels government institution had used a cloud-based office package unlawfully in light of the “Schrems II judgment” of the European Court of Justice. They ordered the Commission to suspend all data flows resulting from the use of Microsoft 365 to Microsoft and its affiliates and sub-processors in countries outside the European Union or the European Economic Area (EEA) until December 9, 2024. But a Commission spokesperson told Heise Online that they see no reason to abandon MS365.
Advertisement
EU data protection authorities and the Commission agree on the use of Microsoft 365There is a deadlock on the fronts. Wivorowski Followed by the deadline set by them And underlined that its March decision “remains in full force.” The Commission does not want to know anything about this. The spokesperson stressed that they are of the opinion that their use of MS365 complies with legal requirements and that they have “adequately demonstrated this” during the EU data protection officer’s investigation. “The Commission’s commitment to safeguarding data protection rules remains unwavering and it will continue to maintain the highest standards of compliance with these rules.” On 6 December, the executive authority submitted the requested compliance report to Wiworowski along with relevant documents.
Commission sees no real alternative to Microsoft
The EU Data Protection Officer has confirmed receipt of the documents, but the Commission is still considered obliged to forgive MS365, at least for the time being. His office is currently reviewing the information provided to assess whether the Commission has complied with the March decision. Given the size of the input and the complexity of the processing operations involved, this analysis “must be performed thoroughly within a reasonable time frame”. At the same time, Wiworowski announced that he would not make any further comments on the case as the Commission had opposed his decision and related proceedings were ongoing before the EU General Court (case numbers: T-262/24 and T-265 / 24).
In early 2020, Wiworowski also called on the Commission to explore alternatives to MS365 that “allow higher data protection standards”. However, the government body has done very little in this direction so far. “There are no known reliable offers from European providers,” Quotes Euractive From an internal Commission document. However, French authorities have expressed particular concern about potential risks “associated with the use of solutions based in the United States.” A report by the Directorate General for Digital Services also addressed “the excessive power of some non-European companies, the risks associated with a single provider (price increases, migration difficulties) and the potential loss of internal skills”.
Wiworowski is open for re-election
According to Euractiv, the Directorate-General also praises the initiative of Member States to develop open and sovereign alternatives to Microsoft in the pursuit of digital sovereignty. However, internally, she only sees it as a “potential addition” to small IT projects with “very limited scope”. In a study by the Ministry of the Interior in 2019, auditors in this country noted “pain points in the federal administration” caused by the reliance on Microsoft products that have been criticized for years. The Center for Digital Sovereignty (ZENDIAS) is now promoting the Windows alternative OpenDesk. Schleswig-Holstein wants to completely separate from Microsoft.
How the controversy continues will also depend on whether Wiworowski is re-elected after his term officially ends in December. Competing for the post are Bruno Gencarelli from the Directorate-General for Justice and Consumers, who may be less critical of the Commission, François Pellegrini, former vice-president of the French data protection authority CNIL, and data protection officer Anna Pouliou. European Organization for Nuclear Research (CERN). The EU Parliament’s internal committee is moving forward on Thursday hearing of candidates,
(Old)
Zuckerberg and Musk: EU tech commissioner defends himself against censorship allegations
