Concern over EU breaching own data rules
The European Union’s executive, the European Commission, may be breaching the bloc’s own institutional data protection rules, according to the Belgium-based online news site Euractiv.
Quoting internal documents from the commission, Euractiv said officials fear their heavy reliance on United States technology giant Microsoft and its Microsoft365 program may put them at odds with rules that call on institutional users in the EU to avoid non-European companies and any resulting security and privacy concerns.
Euractiv said the EU’s independent data protection watchdog, the European Data Protection Supervisor, or EDPS, had asked the commission to ensure its use of Microsoft software was fully compliant with the rules, which Euractiv said meant it must use “less intrusive software”. But the website said “little has been done in this regard”.
The European Commission document highlights the fact that there are few alternatives, stating: “There are no known credible offerings from European providers.”
The document said the commission’s reliance on Microsoft software had been of particular concern to the French authorities, which had complained about “the potential risks associated with the use of US-based solutions”.
The bloc is understood to want to avoid using major US companies over fears excessive power could end up in the hands of a small number of non-European enterprises. It fears that could lead to companies hiking prices, or making it difficult for the EU to migrate data to other systems. The reliance on Microsoft software under the current contract could also mean the bloc is failing to provide sufficient safeguards to prevent illegal transfers of data to countries with insufficient privacy legislation, and the unauthorized disclosure of personal data.
European Commission spokesperson Thomas Regnier told Euractiv the EU is monitoring its options.
“However, at this point in time, no functionally equivalent alternatives to a platform like Microsoft365 have been identified,” he said.
Despite the EDPS concerns, the European Commission has publicly stated it believes “its deployment of Microsoft365 is compliant with the requirements of (the data protection act) and that it has sufficiently demonstrated this during the EDPS investigation”.
The concern about the possible overreliance on Microsoft365 came as the EU’s General Court ruled against the European Commission in another area: its failure to follow its own data protection regulations in regard to a German citizen who wanted to access an EU conference.
The court ruling on Wednesday found the commission had transferred the claimant’s personal data to the US without proper safeguards.
Reuters said the court heard the claimant had used the “sign in with Facebook” option on the EU login page to register for a conference, and found that the subsequent transfer of his IP address to Meta Platforms in the US violated the EU’s data protection rules. The court ordered the commission to pay the claimant 400 euros ($412) in damages.