After applying the GDPR (General Data Protection Regulation) in all the member states of the European Union the EU has found itself facing a problem that is not easy to manage: the companies propose contracts whose clauses guarantee the observance of the Regulation, but how to verify that the latter is respected?
The only viable solution is that of constant checks on the operations of the companies, a task that is not always easy given that they often take advantage of outsourced services that have access to user data. In this regard it is possible to cite the case of theEDPS (European Data Protection Supervisor) that would give rise to an investigation into Microsoft.
According to the European Data Protection Supervisor, the analysis of supply relationships between the Redmond House and the EU would have generated some doubts regarding the way in which the company guarantees the respect of the privacy. The investigations, however, would still be in progress and what emerged from the preliminary phases could be denied or confirmed in the coming months.
This assessment would follow the concerns expressed by the Data Protection Agency Dutch who in 2017 asked the group led by Satya Nadella to change the ways in which the Windows 10 operating system gathered information about its users. A similar initiative was also taken in France by the CNIL, the National Commission for the Protection of Transalpine Data.
In the absence of an official ruling, relations between the European Ombudsman and Microsoft would appear to be favorable to the collaboration. The company would have already decided to intervene on the critical issues highlighted by the EDPS and to apply all the corrective measures necessary to ensure maximum compliance with the GDPR even in the post-contractual phase.