INSUBCONTINENT EXCLUSIVE:
Following a recent EU investigation, Microsoft has announced that it will update its privacy provisions for commercial cloud contracts to
provide customers with greater transparency.The investigation itself was conducted by the European Data Protection Supervisor (EDPS) which
was looking into the software giant's contracts with the European Commission and other EU bodies
EDPS found that Microsoft had failed to protect customer data in accordance with EU law.The EDPS began its investigation into Microsoft's
cloud contracts after the Dutch Ministry of Justice found back in April that telemetry data the company collected from Office 365 ProPlus
and Office 365 users violated GDPR.However, a new agreement between Microsoft and the Dutch Ministry of Justice (MoJ), which added
contractual and technical safeguards to mitigate risks to individuals, was seen as a “positive step forward” by EDPS which is why the
company's updated privacy provisions will reflect the contractual changes it developed with the Dutch MoJ.Microsoft is in the process of
updating the privacy provisions in the Microsoft Online Services Terms (OST) to provide more transparency to its customers regarding how
data is processed in the Microsoft cloud.These new contractual terms are not only being offered to institutions in the EU but will be
available globally to all commercial customers in both the public and private sectors regardless of the size of their
organizations.According to corporate vice president for global privacy and regulatory affairs and chief privacy officer at Microsoft, Julie
Brill, the company plans to offer all commercial customers the new contractual terms at the beginning of next year
She also explained how Microsoft will assume the role of data controller in the OST update in a blog post, saying:“Through the OST update
we are announcing today we will increase our data protection responsibilities for a subset of processing that Microsoft engages in when we
provide enterprise services
In the OST update, we will clarify that Microsoft assumes the role of data controller when we process data for specified administrative and
operational purposes incident to providing the cloud services covered by this contractual framework, such as Azure, Office 365, Dynamics and
This subset of data processing serves administrative or operational purposes such as account management; financial reporting; combatting
cyberattacks on any Microsoft product or service; and complying with our legal obligations.”Via Neowin
