EDPS opens inquiries after the Schrems II judgment

On May 27, 2021, the European Data Protection Supervisor (the “EDPS”) announced that he had initiated two investigations into (1) the use of cloud services by Amazon Web Services and Microsoft under Cloud II contracts European Union institutions and bodies are deployed and agencies; and (2) the use of Microsoft Office 365 by the European Commission.

These investigations are part of the EU institutions’ strategy to comply with the Schrems II judgment of the Court of Justice of the European Union.


On the basis of the Schrems II judgment, the data controllers rely on a transfer mechanism in accordance with Article 46 of the General Data Protection Regulation of the EU (“GDPR”) to transfer personal data outside the European Economic Area (“EEA”) (“data exporters”). must check on a case-by-case basis and, if necessary, in cooperation with the data importers, whether the law of the importer’s country guarantees a level of protection for personal data that essentially corresponds to the protection of the EEA. If not, data exporters need to consider whether they can take additional measures to ensure the required level of protection.

According to Wojciech Wiewiórowski, EDPS, the EU institutions “need to lead by example when it comes to privacy and data protection”.

Read the computerized press release.

Comments are closed.