European Data Protection Supervisor (EDPS) is investigating how EU institutions use cloud computing services from Microsoft and Amazon expressing concern about the transfer of European’s personal data to the US that is considered to have more slack legislation for privacy protection.
The investigation includes the EU Commission’s use of Microsoft Office 365.
EDPS said the investigations are made to secure that ongoing and future international transfers are carried out according to EU data protection law.
“The EDPS’ analysis shows that because of diverse processing operations, in particular when using tools and services offered by large service providers, individuals’ personal data is transferred outside the EU and to the United States (US) in particular.”
EDPS said EU bodies were relying more and more on cloud-based software and cloud infrastructure or platform services from large US ICT providers which are subject to legislation that allows disproportionate surveillance activities by the US, authorities.