A key (Directive 95/46/EC) ruling broadly interpreting key definitions (personal and health data, processing) and narrowly applied exceptions, but found that simply putting a website online doesn't necessarily result in transfers.
[Updated 2 April with full writeup] After the EDPS' second investigation into the European Commission's use of Microsoft 365, they found (again) several serious EUDPR violations, notably related to purpose limitation and transfers, and which are still ongoing.
Following the EU-US DPF, the πΈπͺ Tax Agency approves using Microsoft Office 365 and Teams. Despite emphasising that everyone must do their own assessments, I'd say this could strengthen your own cloud services assessments.
Great news for those who aren't fans of TIAs: the EUC upholds adequacy for Andorra, Argentina, Canada, Faroe Islands, Guernsey, the Isle of Man, Israel, Jersey, New Zealand, Switzerland and Uruguay. β
The European Commission has now adopted its adequacy decision for the EU-US Data Privacy Framework, concluding that the United States ensures an adequate level of protection β comparable to that of the European Union β for personal data transferred from the EU to US