Microsoft O365 and the European GDPR

Some customers ask us explanations about cloud services Office 365 and Gsuite (now Workspace) when it comes to GDPR that is the European legislation on data protection that serves to protect the privacy of European citizens.This article aims to shed some light on the subject without going into too much technical detail but providing some common links to institutional sites for those who want to deepen.Office 365 and Google Workspace are cloud services (saas) run by US corporations that store your data in their own data centers which can be in the US or Europe.Qualcuno potrebbe pensare che sia sufficiente che i dati siano in EU per essere GDPR compliant ma in realtà non è così semplice perché il GDPR prevede limitazioni nel trasferimento dei dati da parte delle corporations USA verso altri paesi sulla base di accordi bilaterali tra USA ed EU che al momento sono incompleti.The European court has in fact invalidated the agreement between the United States and the European Union called Privacy Shield, which regulated the transfer of data from the EU to the US and replaced the previous agreement called Privacy Shield “safe harbour”.This is because the EU believes that the data of European citizens are abused and processed illegally not only by American corporations but also by various government agenciesI enclose a link to the recently updated European community site that goes into detail on the subject.https://joinup.ec.europe.eu/collection/joinup/news/privacy-shield-invalidationfrom which the following paragraph can be extracted :“There are the usual attempts to downplay the issue, legitimize the use of standard contractual clauses, and generally ignore the fact that as of 16/07/2020 it has been confirmed that for many years data transfers and processing by US entities have been performed illegally.”Specifically, the EU finds that Microsoft systematically uses data illegally beyond the continuous declarations to respect the privacy of European citizens.In addition, Trump has enacted the Cloud Act, which strengthens the power of US government agencies (eg. NSA) to be able to use the data of American corporations for national interests, thus moving further away from the European GDPR.We are therefore faced with a real tug-of-war that sees no solution, other countries such as China and Russia have effectively banned the use of US cloud platforms and have equipped themselves with their own infrastructure and we start talking about “digital colonialism” also in Italy.I enclose a link to the digital agenda of the Italian government.https://www.agendadigital.eu/security/europe-post-privacy-shield-and-lopen-source-the-way-out-of-digital-colonialism/Utixo while reselling Microsoft Office 365 and Google Workspace solutions in fact also offers a proprietary infrastructure for the management of mail similar to Office 365 using the same technologies (Hosted Exchange) but under its own control therefore GDPR compliant.We remain at your disposal for further information on this topic.

Post Your Comment

Your email address will not be published. Required fields are marked *

Copyright © 2021 Utixo