Microsoft Office in trouble in Germany due to GDPR

Russell Kidson
Dec 1, 2022
Updated • Dec 1, 2022
Windows
|
15

Microsoft’s suite of productivity apps, Microsoft 365, is in hot water with German authorities due to an alleged incompatibility with the data protection laws of Germany and the rest of the European Union.

Microsoft has been in negotiations with Germany’s state and federal data protection authorities since 2020 about the compatibility of its 365 utility with the EU’s data protection laws. According to a report written by the Datenschutzkonferenz (DSK), Microsoft is still in breach of the General Data Protection Regulation (GDPR).

The main issue seems to be that under the GDPR, individuals under 13 years of age are not capable of consenting to data collection. Permission may be given by a guardian or other holder of parental responsibility for children under 16 years of age, but the law is clear about companies not being able to collect data from children younger than 13. The unofficial agreement with data collection is that should data be collected from a consenting adult, that person retains the agency to request that their data be deleted.

Unfortunately, while Microsoft 365 is incredibly useful in school situations, use of the utility requires users to consent to data collection. Particularly, the report highlights that ‘Many of the services included in Microsoft 365 require Microsoft to access the unencrypted, non-pseudonymized data.’*

*The quote above has been translated from the native German used in the report into English.

Microsoft, however, maintains that ‘We ensure that our M365 products not only meet, but often exceed, the strict EU data protection laws. Our customers in Germany and throughout the EU can continue to use M365 products without hesitation and in a legally secure manner.’

The DSK alleges that Microsoft is still in breach of the law because it has only changed the wording of its policy, not the implications thereof. The final word on the ruling thus far is that the ‘use of personal data of users (e.g. employees or students) for the provider's own purposes excludes the use of a processor in the public sector (especially in schools).’

The Founder of Tutanota, an encrypted email service, Matthias Pfau, delivered his opinion of the situation subsequent to the ruling: ‘It is unbelievable that American online services continue to trample on the European GDPR more than four years after it was passed... Instead of relying on voluntary cooperation, much harsher consequences must be drawn here; for example, by using completely different systems. Linux with Open Office is a very good alternative to which schools and authorities should switch immediately.’

If you’re not familiar with the software, click here for our first look at Microsoft 365.

Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. kg said on December 2, 2022 at 8:22 pm
    Reply

    linux, schools. that’ll end well.

  2. Microsofted said on December 2, 2022 at 4:00 pm
    Reply

    It’s time to slam the door on Microsoft. Use LibreOffice or swap out one spyware (Microsoft Office) for another that isn’t as bloated (WPS Office).

  3. Anonymous said on December 2, 2022 at 2:55 pm
    Reply

    “It is unbelievable that American online services continue to trample on the European GDPR more than four years after it was passed…”

    Their core business is often itself clearly not legal, even for the giants. It’s not a even a matter of edge cases only. Hence the science-fiction that has been happening for a few years in european courts on those privacy questions, for these companies to be still operating. See for example noyb.eu for a glimpse.

  4. Bobo said on December 1, 2022 at 10:58 pm
    Reply

    Proprietary software use in schools or any public agency should be forbidden by law worldwide. Open source for all would benefit everyone in the long run, especially kids that could grow up to be critical thinkers instead of blind sheep with a microsoft account thinking there are no other options to do things. The time to criticize, ridicule, belittle and drop Microsoft, Google and Apple is now. make those alternatives as stupid and ridiculously dumb as they actually are.

  5. VioletMoon said on December 1, 2022 at 8:54 pm
    Reply

    “Linux with Open Office is a very good alternative to which schools and authorities should switch immediately.”

    Gosh, I read years ago and thought Germany did move to Linux and Libre Office–all government buildings, employees, schools, etc.

    https://www.neowin.net/news/munich-germany-realizes-that-deploying-linux-was-a-disaster-going-back-to-windows/

    Guess it didn’t work out.

    But that shouldn’t stop the entire EU from moving over to Linux. Much has changed in 10 years. I so much prefer Linux over Windows, and Libre Office is compatible with M365.

    I thought the French did as well–currently watching “The Bureau” which shows Linux and Apache being used by French Intelligence.

    https://www.linuxtoday.com/infrastructure/linuxworld-french-schools-using-linux-more-than-350-schools-access-the-internet-using-linux-and-oss/

    When speaking with a gal from Romania she said, “It’s all we’ve ever used [Linux]; no one in our country wants to spend that type of money on MS products.”

    1. Dragan said on December 2, 2022 at 9:12 am
      Reply

      Nobody wants to use PC and RTFM every single day when something doesn’t work, or there is instability/compatibility issues. There are millions of small proprietary apps that are in use and guess what – replacing them with FOSS (or other proprietary in that matter) version isn’t 1 day job !
      I do understand your point, but reality is often disappointing (Thanos moment here) !

      btw: Google Green Hill – Using Linux Software in Defense Systems Violates Every Principle of Security
      Older but still relevent

      1. VioletMoon said on December 2, 2022 at 5:17 pm
        Reply

        Thanks for the article tip!

        Best quote–“O’Dowd said. ‘The open source process violates every principle of security. It welcomes everyone to contribute to Linux. Now that foreign intelligence agencies and terrorists know that Linux is going to control our most advanced defense systems, they can use fake identities to contribute subversive software that will soon be incorporated into our most advanced defense systems.'”

        The problem with incorporating Linux anywhere [as I see it] is the lack of talented IT Techs who can take an “open source” system and customize it in such a way that it becomes an impenetrable fortress. I only know of one such person who is based in Romania.

        Now for some incredible facts: https://webtribunal.net/blog/linux-statistics/

        The site mirrors information found all over the Internet, and if one wants to include Android as a modified version of Linux and count the number of Intelligence Agencies using Android on phones, then O’Dowd makes a disputed point.

        Yes, reading the “man” pages takes time when one is new to the system, and that’s what makes Linux presumably an easy target for hackers–who is willing to take the time to close that back doors–especially in the US where agencies want “quick fixes.” No such thing, except in countries who have students more accustomed to Linux than Windows due to prohibitive costs.

        It’s a bit of a stretch, but the view that Linux violates every principle of security is much like saying Tor violates every principle for the consumer hoping for a privacy advantage–not possible since Tor is open source and was originally developed by the US Naval Research Laboratory.

        The following article makes a great case for each system and why Windows may be preferred over Linux:

        https://medium.com/codex/5-reasons-why-linux-is-more-secure-than-windows-1d036c3d3324

        Depends on who runs the system.

  6. Cor Invictus said on December 1, 2022 at 8:33 pm
    Reply

    All those data “protectors” in EU are nothing but a profit facade for legitimizing the cut they take from the “Big Tech.” making money in EU’s neighborhood. Only naive people cheer them up.

    1. Aluminum said on December 4, 2022 at 9:12 am
      Reply

      Only naïve people shill for big tech by disparaging laws that restrict their data collection. Again, Why do you favor the rights of big tech/big gov over individual privacy and freedom?

      You don’t like the GDPR because it is enforced with fines? What is your solution, hope that Facebook and Google will protect your privacy and freedom out of the kindness of their big tech hearts? That is truly naïve.

    2. John G. said on December 1, 2022 at 10:37 pm
      Reply

      +1

  7. John G. said on December 1, 2022 at 7:24 pm
    Reply

    GDPR is nonsense for people that post everything about their sad lifes in all media with their best fake smiles. Pure bulls*** of inner morality all around an office software that nobody really cares. Just my two cents and please thanks for this article, it’s a must have read just to see what is happening in Europe nowadays, where everything is restricted but woke media and wishful thinking. No Christmas tree in so much places to bot offend the minority. Pure bulls*** in Europe, GPDR and everything related with the void of freedom speech.

    1. Aluminum said on December 2, 2022 at 8:08 pm
      Reply

      The Europeans have put the rights of the individual over the rights of big tech. Why do you want big tech/big gov to have all the power? Why are you against privacy and freedom?

  8. TimH said on December 1, 2022 at 6:18 pm
    Reply

    It’s amazing that MS and others continue to state that they are not violating GDPR when they know perfectly well that they are. Any data that goes to US servers is available to US agencies, by US law. GDPR fail, no matter what the privacy policy wording is, for data that is not necessary for a transaction to go to USA-accessible servers.

    1. Dragan said on December 2, 2022 at 9:00 am
      Reply

      Wrong.
      All data that resides on any US company server regardless of their geographic location, can be and is under US jurisdiction under FISA court

      1. matthiew said on December 8, 2022 at 8:37 am
        Reply

        Pretty sure Microsoft has servers in Germany to store German data. US servers aren’t relevent to this topic.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.