Ireland: Issued Data Protection Commission ruling in an investigation into Microsoft’s compliance with erasure requests

On 15 November 2023, the Irish Data Protection Commission (DPC) closed its investigation into Microsoft Ireland, determining it had failed to comply with two erasure requests in infringement of Articles 12 and 17 of the General Data Protection Regulation (GDPR). The DPC determined that Microsoft failed to inform the complainant of their right to judicial remedy and failed to erase their data without undue delay. The DPC ordered Microsoft to update its policies to properly inform users of their rights and issued a formal reprimand.