The Irish Data Protection Commission (DPC) confirmed Thursday it had received the complaint against the US tech giant, saying it was "currently under assessment".

Since Microsoft's European headquarters are located in Ireland, the DPC is the EU's lead data regulator for the company.

The organisation that brought the complaint, Eko -- which says it fights for "people and planet over profits" -- accused Microsoft of violating Europe's data protection law.

"Microsoft unlawfully processed personal data belonging to Palestinians and EU citizens, enabling surveillance, targeting, and occupation by the Israeli military," it said a statement.

The complaint follows a report in British newspaper The Guardian that the Israeli Defense Forces used Microsoft's cloud service Azure "for the storage of data files of phone calls obtained through broad or mass surveillance of civilians in Gaza and the West Bank".

After investigating the report, Microsoft cut the Israeli army's access to certain cloud services in September.

Eko has said that "new evidence shared by Microsoft whistleblowers indicates that the company rapidly offloaded vast quantities of illegally captured surveillance data after a Guardian investigation".

In a statement, a Microsoft spokesperson said: "Our customers own their data and the actions taken by this customer to transfer their data in August was their choice.

"These actions in no way impeded our investigation," they added.

According to The Guardian, the data was stored on Microsoft's servers in Ireland and the Netherlands, placing it under the EU's strict General Data Protection Regulation (GDPR).

GDPR, launched in 2018, aims to protect European consumers from personal data misuse and breaches.

© 2025 AFP