EU: EDPS launches two investigations following Schrems II judgment
The European Data Protection Supervisor ('EDPS') announced, on 27 May 2021, that it had launched two investigations, one regarding the use of cloud services provided by Amazon Web Services and Microsoft under the Cloud II contracts by European Union institutions, bodies, and agencies ('EUIs') and one regarding the use of Microsoft Office 365 by the European Commission, following the Court of Justice of the European Union's judgment in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems (C-311/18) ('Schrems II').
In particular, the EDPS noted that these investigations are part of the EDPS' strategy for EU institutions to comply with the Schrems II judgment so that ongoing and future international transfers are carried out according to EU data protection law. In addition, the EDPS noted that the objective of the first investigation is to assess EUIs' compliance with the Schrems II judgment when using cloud services provided by Amazon and Microsoft Web Services under the so-called 'Cloud II contracts' when data is transferred to non-EU countries, in particular to the US.
Lastly, the EDPS notes that the objective of the second investigation into the use of Microsoft Office 365 is to verify the European Commission's compliance with the recommendations previously issued by the EDPS on the use of Microsoft's products and services by EUIs.
You can read the press release here.