Microsoft updates cloud contracts after EU privacy complaints

Microsoft cloud in hands

Microsoft has announced changes to its Online Services Terms for commercial cloud customers after an EU investigation raise concerns about existing policies' compliance with European regulation.

The company bills the changes as the introduction of "more privacy transparency" in the wake of a probe into potential violations of GDPR relating to telemetry data collected from Office 365 users. Microsoft says the new contractual terms will be offered to customers globally, not just within Europe.

See also:

Microsoft's chief privacy office, Julie Brill, says that the changes that are being introduced were developed with the Dutch Ministry of Justice and Security (Dutch MoJ) as well as public sector customers. The Dutch MoJ is involved because this is the group who found that Microsoft Office telemetry collection violated GDPR.

In a blog post about the changes, Brill says:

Through the OST update we are announcing today we will increase our data protection responsibilities for a subset of processing that Microsoft engages in when we provide enterprise services. In the OST update, we will clarify that Microsoft assumes the role of data controller when we process data for specified administrative and operational purposes incident to providing the cloud services covered by this contractual framework, such as Azure, Office 365, Dynamics and Intune. This subset of data processing serves administrative or operational purposes such as account management; financial reporting; combatting cyberattacks on any Microsoft product or service; and complying with our legal obligations.

The change to assert Microsoft as the controller for this specific set of data uses will serve our customers by providing further clarity about how we use data, and about our commitment to be accountable under GDPR to ensure that the data is handled in a compliant way.

She goes on to explain: "Meanwhile, Microsoft will remain the data processor for providing the services, improving and addressing bugs or other issues related to the service, ensuring security of the services, and keeping the services up to date".

Microsoft will introduce the changes in all new contract provisions globally from the beginning of 2020.

Image credit: Emilija Miljkovic / Shutterstock

© 1998-2019 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.