The changes will be implemented from 2020
After concerns raised by the European Union data protection administration about privacy, Microsoft will change its policies regarding commercial cloud contracts. This is a success for European data protection. The new policies will imply Microsoft’s commercial consumers irrespective of size and sector. The changes will be implemented in new contracts and will be given to all customers from next year.
The supervisor of Europe’s data protection agency has warned Microsoft in October this year. The agency has issued a notice to the company that initial investigation into contractual policies of the company has pointed out some severe compliance issues. As a data processor, Microsoft was unable to comply with some of the rules of EU data protection.
Some terms are non-compliable to the rules of European Union data protection
Julie Brill, Microsoft’s Corporate VP for Global Privacy and Regulatory Affairs and Chief Privacy Officer, elaborated that the company is in the process to bring changes to the Online Services Terms of its commercial cloud contracts due to some negative response from the customers. She said, “The changes we are making will provide more transparency for our customers over data processing in the Microsoft cloud.
Currently, Microsoft recognizes itself as a data processor which is not equal to a data controller, who has administrative and operations function under its control. As per the rules of General Data Protection of Europe, a data controller has a greater commitment to managing personal data with responsibility as per Article 5 of the GDPR.
As per the rules, Microsoft’s existing commercial contract structure stands a risk for EU institutions. This means the data of the users might end up processed in a lower standard of legal protection than deserved.