Microsoft announced it is updating the privacy provisions in the Microsoft Online Services Terms (OST) commercial cloud contracts amid ongoing investigations by the European Union (EU). The European Data Protection Supervisor (EDPS) launched an investigation into Microsoft earlier this year to see whether the contractual agreements concluded between Microsoft and the EU institutions were fully compliant with data protection rules. 

In the updated OST, Microsoft stated that it will assume the role of the data controller when processing data for specified administrative and operational purposes. The cloud services covered by this contractual framework include Azure, Office 365, Dynamics and Intune. The subset of data involves account management, financial reporting and combating cyberattacks. 

GDPR one year later: Slow compliance, lax enforcement
It’s time for data privacy legislation 
Microsoft wants the US to follow the EU and establish new data privacy laws

“The change to assert Microsoft as the controller for this specific set of data uses will serve our customers by providing further clarity about how we use data, and about our commitment to be accountable under GDPR to ensure that the data is handled in a compliant way,” Julie Brill, corporate vice president for global privacy and regulatory affairs ant chief privacy officer at Microsoft, wrote in a post.

The EDPS investigation was launched in April, and though it is still going the preliminary results found “serious concerns over the compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutions using its products and services,” according to this post.

The EDPS advises stronger cooperation to better protect the rights of individuals and not just to public and private bodies in the EU. 

“At Microsoft we consider privacy a fundamental right, and we believe stronger privacy protections through greater transparency and accountability should benefit our customers everywhere,” Brill wrote. 

Additionally, Microsoft announced that it will offer the new contractual terms to all of its commercial customers public sector and private sector, large enterprises and small and medium businesses globally at the beginning of 2020. 

“We remain committed to listening closely to our customers’ needs and concerns regarding privacy. Whenever customer questions arise, we stand ready to focus our engineering, legal and business resources on implementing measures that our customers require. At Microsoft, this is part of our mission to empower every individual and organization on the planet to achieve more,” Brill wrote.