The Schrems II Judgment: First two investigations by the European Data Protection Supervisor

by Joana Campos e Matos (Senior Consultant at Vieira de Almeida & Associados)

On May 27, 2021, the European Data Protection Supervisor (“EDPS”) announced that it had opened two investigations regarding the use of Amazon and Microsoft services by European Union institutions (EUIs)[1].

In a press release, the EDPS announced the opening of two investigations: one concerning the use of cloud services provided by Amazon Web Services and Microsoft under Cloud II contracts by European Union institutions, bodies and agencies, and the other regarding the use of Microsoft Office 365 by the European Commission.

The EDPS underlined that these investigations are part of the EDPS’ strategy for EU institutions to comply with the “Schrems II” Judgment[2].

1. Legal framework for international data transfers by EUIs

According to Regulation (EU) 2018/1725[3], international data transfers[4] are only permitted if the third country to which the data are transferred ensures that the conditions set out in the Regulation are respected, in such a way that the level of protection of natural persons guaranteed by the Regulation is not undermined (Article 46). Thus, data transfers to countries located outside the European Economic Area (“EEA”) can only occur within the strict terms provided for by the Regulation.
