
EU data watchdog raises concerns over Microsoft contracts - stiray
https://www.reuters.com/article/us-eu-dataprotection-microsoft/eu-data-watchdog-raises-concerns-over-microsoft-contracts-idUSKBN1X00WF
======
K0SM0S
Tangent, out-of-the-box and more 'LTS' solution:

What if the entire machinery known as "State" (govs, senates & assemblies,
justice, agencies) realized that the logical long-term choice is to develop
and maintain open-source software for _pretty much anything they do_, so as
to effectively 1. enrich the 'national' or 'regional' wealth of all citizens
and 2. contribute to technology in a historical way?

Nuance: I'd qualify the whole endeavor a 'mildly massive undertaking', it's
not a switch but a decade-long effort. Bigger than the longest of usual "LTS".
But the benefits, in terms of saved money (lower taxes?), quality of service
(if _any citizen can participate_, whether as programmer or writer or
evangelist or trainer or whatever), security (I'd wager there'd be _enough_
eyeballs to proof this software), and probably 50 other externalities, like
massive general training / jobs, better technical expertise of many state
workers at every level, possible service to citizens (switching them _off_ the
_customer_ status in some domains critical to democracy, especially when it's
free thus they are the product), yadi yada.

The State could be an excellent digital host for itself, and a great steward
for its population, if it addressed the technological matter in a professional
way, with the right heart and the right mind.

If executed superbly, it could qualify as some "8th wonder", the first digital
and truly collective one, to ever be built. A true hallmark of the 21st
century. And we can all, all of us worldwide, participate to make a master;
then proceed to fork based on our local systems —political and technical— and
cultural preferences.

I hope I do not have to explain why I'm a little jaded, a feeling of too much
deja vu and not enough 'tomorrow', when I read such ethical yet misguided
fights. /understanding rant

EU, you have your heart in the right place, your ethics are fair and much
needed in this world, but at our current pace your solutions seem _ancient_
—so 20th century. Think 2030+ _now_ and begin building long-term, towards a
_definitive_ solution. Move the needle, redefine things, fail/break the old
stuff to make room for contemporary greatness. OSS for public software is a
_low hanging fruit_, however giant, and you'll do the world a fantastic
service worthy of your wealth and values.

_Source of ideas: I am a concerned French citizen, and being born some 10,000
km away gave me a wider-than-Western-EU perspective of modernity, for some 37
years and counting._

~~~
depressedpanda
I am myself quite baffled as to why governments don't embrace open source to a
higher degree and - more importantly - enforce open standards (no, OOXML does
not count, for obvious reasons).

> The State could be an excellent digital host for itself, and a great steward
> for its population, if it addressed the technological matter in a
> professional way, with the right heart and the right mind.

Given my past experience, that's a very big if, unfortunately. :-(

~~~
TazeTSchnitzel
You need not be baffled. The software industry is good at lobbying.

~~~
squarefoot
A case that deserves to be taken as an example of lobbying: the German city of
Munich, which in 2003 started moving all desktop workstations to Linux, and by
the end of 2012 reported a huge success with savings amounting to 11 million
Euros, but in 2017 they announced they would migrate back to Windows, probably
because of this:
[https://www.novinite.com/articles/155950/Munich+Set+to+Becom...](https://www.novinite.com/articles/155950/Munich+Set+to+Become+Microsoft%27s+Second+Largest+Office+in+Europe)

------
plandis
It’s unclear to me but this sounds like:

1. EU members signed contracts with Microsoft
2. EU changed the law
3. Contracts are not following the law.

Seems like a great way to have your cake and eat it too. Don’t like the
contracts? Change the law (because you have the power to do so). Seems like
something a dictator would do.

~~~
jmaa
Remember, states (and multistates) are large collections of people. The people
who are negotiating the contracts with companies are most likely several steps
removed from the people who are making laws.

------
WalkTalk
There's gonna be lots of those IMHO. GDPR will change a lot how IT companies
manage their businesses and security as well. And I can't see American
companies complying a lot with EU laws...Tense moment we live in.

~~~
pluma
Well, Microsoft used to offer its cloud services under license via German
Telekom in Germany. They've sunsetted that offering though while announcing a
Microsoft-owned GDPR-compliant server infrastructure in Europe.

They've yet to deliver on that announcement but that seems more like the usual
delays than willful obstruction.

------
Zenst
"The EDPS, the EU’s data watchdog, opened an investigation in April to assess
whether contracts between Microsoft and EU institutions such as the European
Commission fully complied with the bloc’s data protection rules."

Are these contracts signed before GDPR? Signed after?

Is there some part of the EU that you can submit a contract and that they go
thru and raise any compliance issues that you should change? Or is it, do your
best, and possibly get a knock on the digital door by the EU at a later date
and a backdated fine?

Hard to form any opinion about this without knowing when the contracts got
signed (by both parties) and how changes in law affect existing contracts from
an accountability aspect (good/bad faith) on both sides.

~~~
krageon
Microsoft has contracts that are extremely overbearing so it is not surprising
that their contracts might not comply with the law. There is of course a space
(the legal department) and a profession (lawyers) that large institutions
usually employ to monitor problems like these and I don't see why there needs
to be another body that performs the same function.

~~~
Zenst
Not all companies have Microsoft or indeed EU sized lawyer pools. So would be
nice if there was some aspect of the EU that you could have check/audit
contracts to approve them as compliant. Sure that may well be the realms of a
lawyer and equally also insurance policy on the indemnity aspect. But does
highlight how smaller companies will and can suffer the same issues (maybe
more so) and fall foul even when acting in good faith.

[https://europa.eu/youreurope/business/selling-in-eu/public-c...](https://europa.eu/youreurope/business/selling-in-eu/public-contracts/public-tendering-rules/index_en.htm)

"If your company, organisation or institution is established in the EU (In
this case, the 28 EU member states + Iceland, Norway and Liechtenstein.), you
have the right to compete for a public tender in any EU country. You have the
right to:

- compete for a public tender in another EU country without discrimination
- use supporting documents (certificates, diplomas, etc.) issued by your country
- have equal access to all information regarding tenders, regardless of the EU
  country in which you are established
- have access to the review procedures in the respective country"

That last one implies that equal access to review procedures in EU member
states must be available. That would cover contracts and with that, raises
more questions about the accountability of this.

But my takeaway is, if Microsoft can have a contract questioned at a later
date, how exposed are smaller companies in the same vein.

~~~
rzwitserloot
It's not that black and white.

It's more a matter of: If you push your legal rights in such a contract to the
absolute limits, well, you may run into some issues later on when laws change.

If you're a tiny company but you put maximum onerous one-sided rules in your
contracts, AND you somehow have the government you're selling to by the short
and curlies so they sign it anyway, yeah, this view of 'eh, microsoft has got
it coming' would imply this small company is now on the hook for keeping a
team of lawyers on the ball.

That seems fair to me.

In real life, there's no way a small company would even go for such a pushed
contract in the first place, or if they did, that's because they messed up by
copying the wrong contract text, or there's a big brother helping them out.

Or, perhaps said simply: If this notion of 'oops the rules changed right in
the middle of the contract, that is not fair!' becomes relevant, they probably
were.. NOT acting in good faith in the first place.

~~~
JumpCrisscross
> _If this notion of 'oops the rules changed right in the middle of the
> contract, that is not fair!' becomes relevant, they probably were.. NOT
> acting in good faith in the first place_

That assumes a benevolent government. Rules can change because of balance-of-
power shifts, or as a result of misinformed debates.

If you do business in a heavily-regulated economy like Europe, part of the
cost of doing business is legal and compliance. This is a valid tradeoff the
Continent has made. It makes many consumers and workers happy while adding
fixed costs to commerce.

~~~
gpderetta
> That assumes a benevolent government. Rules can change because of balance-
> of-power shifts, or as a result of misinformed debates.

that's true in any jurisdiction, right? Laws and regulations can always
override contracts.

~~~
JumpCrisscross
> _that's true in any jurisdiction, right? Laws and regulations can always
> override contracts._

What varies is how easily new rules can be introduced, how easily they can be
challenged, and the number of entities with rule making power.

Broadly speaking, Europe's systems make it easy for rules to be introduced and
hard for them to be struck down by a competing arm of government. There also
tend to be more regulators with independent rule making authority in Europe
than in America.

This derives, fundamentally, from differing levels of trust in government, and
differing views on the scope of government's job.

~~~
gpderetta
The rule (i.e. the GDPR law) was introduced by the European Commission and
parliament. It is applied by the various regulating agencies, interpreted by
the courts and ultimately by the ECJ.

It is not like that governmental agencies are making up rules.

~~~
JumpCrisscross
> _It is applied by the various regulating agencies_

I was making a broad statement about rule making processes in Europe (EU
and member states) versus Europe. That said, GDPR is independently interpreted
by each of the EU's member states. It is a complain-investigate regime that
does not bind one member state to the other's precedents. That's a lot of
leeway for regulatory variance.

~~~
gpderetta
divergence of rule interpretation is an issue, and harmonization is the
role of the ECJ (as final arbiter of interpretation) and ultimately the
European legislative branch (for further harmonization).

Still, I do not see you go from that to "[it is] easy for rules to be
introduced and hard for them to be struck down".

edit: remember, the alternative is 28 potentially incompatible rules.

------
big_chungus
The obvious issue is that these contracts are already in place. It will be
very difficult, if not impossible, for the EU to add such a contractual
provision (especially of this significance) arbitrarily; they may have to wait
until the contracts are re-negotiated.

~~~
gpderetta
What contractual position? It seems that any contractual term which is against
the law would be null. I do not think that the law is (nor should be)
subordinate to contract terms.

~~~
freehunter
Was the contract against the law when the contract was signed? Others are
saying the law was changed after the contract was agreed to.

~~~
gpderetta
Laws change all the time making contract clauses invalid, I don't think that's
an issue.

Sometimes laws might explicitly grandfather previous arrangements or provide
transition periods, but that's not a given.

In the case of GDPR, of course grandfathering would render the law moot, but
it did take many years from the law passing to becoming effective.

To make an example which is relevant to our field, if a law is passed making
non-compete invalid, would you expect it to only apply to new contracts?

