The European Union’s data protection supervisor said on Monday it is investigating whether products provided by software giant Microsoft to EU institutions comply with its new data protection rules.
In November the Dutch government raised concerns in a report about the collection of data done through Microsoft ProPlus, which includes popular software such as Microsoft Word writing software and Microsoft Outlook email.
“Any EU institutions using the Microsoft applications investigated in this report are likely to face similar issues to those encountered by national public authorities,” the European Data Protection Supervisor (EDPS) said in a statement.
EDPS said it suspected that institutions using Microsoft Office ProPlus software might face “increased risks to the rights and freedoms of individuals.”
It said it would check which Microsoft applications are used by EU institutions. Its investigation will look into whether the contractual arrangements between the U.S. company and EU institutions to process personal data are “fully compliant” with the new General Data Protection Rules (GDPR) that came into force last year.
EU institutions, such as the European Commission and the European Parliament, rely on Microsoft services and products to carry out their daily activities, the supervisor said.