In its judgment of 16 July 2020 (Case C-311/18), the European Court of Justice (ECJ) declared the European Commission's Decision 2016/1250 on the transfer of personal data to the USA (Privacy Shield) invalid. At the same time, the ECJ found that Commission Decision 2010/87/EC on Standard Contractual Clauses (SCC) remains valid in principle.
Microsoft has reacted to the ECJ ruling and further recommendations of the European Data Protection Advisory (EDSA) and added the Additional Safe Guards to the standard contractual clauses integrated in customer contracts with the latest update of the Data Protection Addendum for Microsoft Online Services (DPA) dated 9 December 2020 (Annex 2, Appendix 3).
The statements contained in this latest addendum to the Data Protection for Microsoft Online Services regarding validity and applicability to existing and future licence agreements raise the following question: To what extent does this addendum apply to the contract scenario currently in place with our customers?
In this regard, Microsoft has now made another document available upon request, the Supplemental Agreement to the Applicable DPA.
In our view, this answers the above question on the applicability of the new DPA to currently existing licence agreements.
However, we would like to point out that Sycor IQ Solutions GmbH merely provides these documents from Microsoft. A legal review of the document content is not associated with this.
For legal advice regarding the contractual provisions on data protection provided by Microsoft, please contact an appropriately specialised lawyer.
For direct contact with Microsoft on data protection issues, a link is provided on pages 12 and 13 of the above. DPA mentioned above, as well as the data protection representative responsible for the European Economic Area.