The European Data Protection Supervisor has "serious concerns" over Microsoft Corp.'s compliance with data protection rules in relation to the company's contractual terms with European Union institutions.
A separate risk assessment conducted by the Dutch Ministry of Justice and Security revealed public authorities in the EU's member states face similar issues, the EDPS said.
The EU data protection authority's statement forms part of its preliminary findings on an investigation, which was launched in April into the U.S. company. The body investigated Microsoft products and services used by institutions in the EU and compliance with data protection rules in the bloc. It also looked into whether appropriate measures are in place to mitigate risks to the data protection rights of individuals when EU institutions use Microsoft products and services.
"Cooperation between public authorities in the member states, EU institutions and other international organisations is essential to ensure that contractual arrangements and measures with Microsoft provide the same level of protection for individual rights throughout the European Economic Area," the EDPS said.
In response, a Microsoft spokesman told Reuters that the company is in discussions with its customers in the EU and will reveal contractual changes to address the EDPS's concerns.