The German state of Hesse is banning access to Office 365 in schools over privacy concerns (via Ars Technica). The product was launched in the country a couple years back with the promise to keep all data inside its borders, however it has since been under fire for its lack of transparency regarding the data it collects.
While the ban targets Office 365 specifically, the Hessian commissioner of Data Protection and Freedom of Information (HBDI) states that the competing services from both Google and Apple are in the same boat:
“What is true for Microsoft is also true for the Google and Apple cloud solutions. The cloud solutions of these providers have so far not been transparent and comprehensibly set out. Therefore, it is also true that for schools the privacy-compliant use is currently not possible.”
Part of the HBDI’s concern is that it says that the company is because of Microsoft’s closure of its data centers in Germany, causing many schools to migrate their data into the European datacenters. This inadvertently prevents the German government from monitoring the data, which the HBDI says could be accessed by U.S. authorities.
Additionally, issues with the telemetry of both Office 365 and Windows 10 also come to question, as neither services offer manual settings to disable them. As noted by the HBDI, the company’s telemetry practices are illegal without the consent of each individual user.
Microsoft later stated that “administrators have a range of options to limit features that are enabled by sending data to Microsoft,” but that it looks forward to “engaging further with the Commissioner on its questions and concerns related to Microsoft’s offerings.” Here’s the full statement:
“We routinely work to address customer concerns by clarifying our policies and data protection practices, and we look forward to working with the Hessian Commissioner to better understand their concerns. When Office 365 is connected to a work or school account, administrators have a range of options to limit features that are enabled by sending data to Microsoft. We recently announced (here and here), based on customer feedback, new steps towards even greater transparency and control for these organizations when it comes to sharing this data. In our service terms we document the steps we take to protect customer data, and we’ve even successfully sued the U.S. government over access to customer data in Europe. In short, we’re thankful the Commissioner raised these concerns and we look forward to engaging further with the Commissioner on its questions and concerns related to Microsoft’s offerings.”
What do you think about these concerns? Do you think that Microsoft could be more transparent on privacy issues like these? Share your thoughts in the comment area below.