Germany has been debating for years whether its institutions should use Microsoft tools or not. The German state of Hesse recently labeled the use of Windows 10 and Office 365 in schools as unsafe.
This decision has been made amid the government’s concern about data privacy. The Federal Office for Information Security believes that private data of teachers and students may be exposed due to a configuration in Office 365.
Office 365 uses a telemetry feature to collect user data and send it back to Microsoft.
The data includes software diagnostic results, email subject lines or information used by the spellchecker tools and more. Windows 10 also uses a similar technique to collect telemetry data.
The problem is that students can not provide their consent to data collection. Moreover, most of the times, Microsoft does not ask for user consent to collect and store information. Hence, GDPR laws prohibit companies from these illegal practices.
Microsoft is not the only company targetted by the Federal Office for Information Security. The cloud-based solutions offered by Apple and Google fall under the same category.
The Hesse commissioner recommended educational institutions to use alternative applications that provide similar services locally.
Microsoft needs to come up with a satisfactory solution to resolve this issue. Otherwise, many other European countries may adopt a similar strategy.
It is important that companies that have access to such data use strong encryption mechanisms to avoid security concerns.
- Microsoft Edge to get 3 levels of privacy control settings
- Microsoft extends GDPR privacy regulations beyond the EU