Microsoft has unveiled changes to its commercial cloud contracts after EU regulators warned the company may be breaching data privacy laws.
The European Data Protection Supervisor (EDPS) last month said it had “serious concerns” about Microsoft’s compliance with data protection rules and the use of its services by EU institutions.
Microsoft today acknowledged that it is a data controller – a designation that means it will take on greater responsibilities under the EU’s General Data Protection Regulation (GDPR).
“The change to assert Microsoft as the controller for this specific set of data uses will serve our customers by providing further clarity about how we use data, and about our commitment to be accountable under GDPR to ensure that the data is handled in a compliant way,” said Julie Brill, Microsoft’s vice president for global privacy and regulatory affairs and chief privacy officer.
The company will also offer new contractual terms to its commercial customers in both the public and private sectors – a move Brill said would create greater transparency.
The changes come after the Dutch Ministry of Justice and Security (MOJ) commissioned a review into the use of Microsoft Office Proplus amid concerns it was sending large amounts of data from Europe back to the US.
Read more: Cloud computing drives Microsoft revenue up
Microsoft initially developed contractual changes with the Dutch MOJ, but will now roll them out to global customers.
The firm said it has begun work to introduce the new privacy terms and expects to offer the new contract from the beginning of next year.
Main image credit: Getty