EU Data Supervisor Probes EU Bodies' Software Deals with Microsoft

EU data protection authorities are investigating whether the European Commission and other EU institutions comply with the bloc's strict data privacy rules in their software deals with Microsoft. From a report: The 28-country European Union adopted the landmark General Data Protection Regulation (GDPR) about a year ago, giving Europeans more control over their online information and privacy enforcers the power to impose hefty fines. The European Data Protection Supervisor (EDPS), which monitors the bloc's 70 institutions on their GDPR compliance, launched its investigation on Monday. The probe will look into the Microsoft products and services used by the institutions and whether the contractual agreements between them and the U.S. software company are GDPR-compliant. "When relying on third parties to provide services, the EU institutions remain accountable for any data processing carried out on their behalf," said Assistant EDPS Wojciech Wiewiorowski

This time it's about Microsoft

This time it's EU vs. Microsoft. Let's place bets. I bet that this time nobody will start any anti-EU comment. Because it's about Microsoft. When it's about Google the anti-EU people flock like sheep.

You'll see.

Re:This time it's about Microsoft

There's a difference in investigating MS and investigating contracts made by EU bodies with MS. Try to figure it out.

Re:This time it's about Microsoft

Your bet operates under the assumption that the trolls care about anything else than trolling.

Re:This time it's about Microsoft

All the EU data privacy regulations are just another EU financial shakedown of companies more successful than any thing the EU can create. The EU data privacy regulations levy huge financial penalties on the victims of a crime. And yes the companies that get exploited are victims of a crime that propagates to those who have their data exposed in any fashion. A company could take every pre-caution and work diligently to maintain a secure environment and still get exploited. When this happens large penalties are accessed on the company. There is not a computer system or encryption protocol on the world that is invulnerable to attacks.

Not Europeans. Only EU members.

There's still European countries that haven't been swallowed by the EU, or are about to be dumped out, you know?

Like Russia, to name a prominent example.

Or is this just a US-Americanism. Like Americans == USA. Or Asians == East-Asians. Or how "Africa" is treates like a country.

P.S.: I'm against closed-off nationalism *and* globalist fascism by the way, so in the Brexit vs EU debate I bring out the popcorn and no matter who's on the receiving end, every punch is a winner! :) Judge my comment by the topic though. This paragraph exists only to delude myself in thinking it would fend off the inevitable triggered prejudice.

If they are running Windows 10...

And it is not an Enterprise/Government Edition deployment with telemetry turned off, they definitely are not. Go read the EULA for Windows 10 Home/Professional. It explicity gives Microsoft the right to snoop on both your keystrokes/mouse movement as well as file names/hashes, and even if they determine it is necessary (quite a vague definition here) they can upload files from your computer, as well as mirror them into the cloud.

So yeah Microsoft projects from Windows 8/10 and up are definitely NOT GDPR compliant.

Re:If they are running Windows 10...

So yeah Microsoft projects from Windows 8/10 and up are definitely NOT GDPR compliant.

Actually they are. I don't know why you think a company storing personal information cannot be GDPR compliant, they just need to provide users the ability to delete that data and they do that via the Privacy Dashboard.

I know it's popular to bash Microsoft around here but your post just demonstrates a fundamental misunderstanding of what the GDPR is.

Well of course...

[argStyopa]

...I mean, if they can rake in â14.3 bn "pure profit" just by sniffing through Ireland's tax deal with Apple, there's probably at least another â100bn out there in stuff they can creatively fine against.
I mean, there might be countries that object to having their lack of sovereignty rubbed in their face, but the Irish certainly were servile enough that the EU would be encouraged to try again.

Re:Well of course...

If the Irish didn't want to have less sovereignty on those matters then they shouldn't have benefitted from the EU rules either. Without those EU rules (eg single market) they wouldn't have made such a deal in the first place because why would Apple would want to to be based in Ireland if they didn't have access to the EU single market?
It's all fun and games when countries take advantage of the common rules but they cry about sovereignty when the same rules come to bite them.

Re:Well of course...

[AxeTheMax]

Well, if you weren't wedded to the typical right wing American idea of blaming everything on intrusive big government, then you might see it for what most see it as. That is that governments should be stopped from making secret sweetheart deals with chosen big companies, instead of applying the rules to everyone alike.

Re:We got the first anti comment!

So what's the idea here?
Pretending that there aren't anti-EU, anti-American, anti-Russian, anti-Chinese, anti-Microsoft, anti-Intel, anti-nVidia comments that can be found in corresponding news articles here on Slashdot?
Pretending that there are no ACs that seem to have some kind of personal vendetta against registered Slashdot users?
Pretending that you can't find ASCII art swastikas in almost every other comment section?
Pretending that these things haven't lowered the bar over time and aren't continuing to do so?

Will not acknowledging that there is some kind of issue, hoping that the attention craving people, will go away by themselves?

Executive Summary

[WillAffleckUW]

They don't comply with GPDR.

At all.