Someone mentioned that M365 is properly not legal. Guess what, it isn’t.

The EDPS (European Data Protection Supervisor) investgated the EU-Commissions’ use of M365 and found it to be illegal in march 2024. EPDS gave the Commission until December 2024 to, among other things, stop transfers of Personal Information to third countries in M365 outside the EU. Which of course made the Commission sue the EDPS. And MS to do the same…

So M365 is NOT legal to use for any Public Institution in the EU. Unless the Controller make Microsoft change their DPA, contract etc. Kinda like MS did for the Dutch government after the dutch firm Privacy Company made an in depth analysis of M365 and found numerous illegal processing etc.

Fun how Microsoft was made aware of how they acted illegal, and changed it - only for the Dutch Government…!! The rest of their Customers still have the illegal DPA, terms etc… Also fun how it is Common knowledge and IT-departments still choose to use M365, and move as much as possible there from more privacy and security oriented services.

EDPS investigation into the Commissions use of M365: https://www.edps.europa.eu/press-publications/press-news/press-releases/2024/european-commissions-use-microsoft-365-infringes-data-protection-law-eu-institutions-and-bodies_en

My point? EU-Linux is a fantastic idea! 🙂