Microsoft has announced an update to its cloud contract terms, one that brings it into greater compliance with EU privacy laws.
In October, Reuters reported that an EU probe voiced serious concerns that Microsoft’s contract terms violated the GDPR, the comprehensive privacy laws the EU adopted last year.
“Though the investigation is still ongoing, preliminary results reveal serious concerns over compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutions using its products and services,” said the EU watchdog EDPS in a statement.
To address those concerns, as well as respond to customer feedback, Microsoft has updated its terms, bringing them inline with the GDPR.
“At Microsoft, we listen to our customers and strive to address their questions and feedback, because one of our foundational principles is to help our customers succeed. Today Microsoft is announcing an update to the privacy provisions in the Microsoft Online Services Terms (OST) in our commercial cloud contracts that stems from additional feedback we’ve heard from our customers.
“Our updated OST will reflect contractual changes we have developed with one of our public sector customers, the Dutch Ministry of Justice and Security (Dutch MoJ). The changes we are making will provide more transparency for our customers over data processing in the Microsoft cloud.
“Microsoft is currently the only major cloud provider to offer such terms in the European Economic Area (EEA) and beyond.
“We are also announcing that we will offer the new contractual terms to all our commercial customers – public sector and private sector, large enterprises and small and medium businesses – globally. At Microsoft we consider privacy a fundamental right, and we believe stronger privacy protections through greater transparency and accountability should benefit our customers everywhere.
“Before and after GDPR became law in the EU, Microsoft has taken steps to ensure that we protect the privacy of all who use our products and services. We continue to work on behalf of customers to remain aligned with the evolving legal interpretations of GDPR.”