Just a day after
The Dutch government, in its capacity of a Microsoft client, funded a report conducted by the Privacy Company, a Hague-based consultancy firm to clarify whether the diagnostic data in the Office Pro Plus was in line with the Dutch law and Europe's General Data Protection Regulation privacy law ( GDPR). It is worth mentioning that Office Pro Plus also features some Microsoft programs.
After analyzing the report, the Netherlands' Ministry of Justice expressed concerns that some popular programs were sending sensitive diagnostic data from Europe to the US without explicit users' consent.
Microsoft and the Dutch government agreed that the tech giant would make the necessary updates in its product to guarantee the users' privacy. The changes should take effect by the end of April 2018. According to the ministry spokesperson, in case Microsoft does not respond accordingly to its data privacy concerns, the government may raise the question with European data protection authorities and take relevant measures.
Microsoft expressed its disagreement with some of the conclusions of the report but confirmed it would make the necessary updates to accommodate its customers.
In a statement, Microsoft explicitly pointed out that the Dutch government commissioned the study as a Microsoft customer and not as a regulatory authority, pointing out that its tech team would work closely with the ministry staff to clarify how and what kind of data is gathered.
In general, when Microsoft updates a given product, the updates are valid for its customers worldwide. The company had not yet indicated whether it would be different this time. What is going to happen if Microsoft did not respond adequately to the Dutch government's privacy concerns?
Under the European Union data protection legislation, the Irish Data Protection Commission is the leading authority to guarantee that Microsoft complies with the laws. In case both parties still have disagreements on it, the Netherlands may opt to escalate the issue and lodge a complaint with the Irish regulator.
In the meantime, the European Data Protection Board and the European Data Protection Supervisor would be monitoring the issue, and if needed, they may start their investigation.
The Irish Data Protection Commission has already entered into contact with Microsoft to require additional information on the processing of data, confirmed its spokesperson, highlighting that Microsoft is responding promptly.
Following the news of the last couple of days, one would say that the European governments are determined to fight with the tech giants over the data protection laws. Do you support them in their battle?