Office 365 banned in German state schools due to privacy worries


Schools in Hesse, Germany will stop using Microsoft Office 365 because of a cyber-security risk which could lead to violation of the General Data Protection Regulation (GDPR).

According to reports, problems first started to arise when Microsoft took the decision to shut down its data centre in Germany in August 2018. The move increased users’ data vulnerability against unauthorised access from US authorities.

Windows 10 can collect huge swathes of data regarding user habits when interacting with products and services, according to the owner’s privacy settings.

Information harvested can included email subject lines, plus any phrases that are translated through Microsoft’s translate software. As detailed by ZDNet, if data settings are clicked to “Enhanced” then Windows 10 can also gather elements of your system’s memory should a crash take place. Such a collection would also pick up sensitive data.

Commenting on the revelations, a Microsoft spokesperson said that the company had noted the security fears, and highlighted the choices that administrators already possess regarding limiting the quantity of data that is submitted to Microsoft through Office 365 running on a work or school network.

The spokesperson underlined Microsoft’s recent introduction of new security features designed to offer enhanced control over user data, before mentioning how the firm has successfully taken the US government to court for accessing user data in the Eurozone.

The spokesperson said:

“We’re thankful the Commissioner raised these concerns and we look forward to engaging further with the Commissioner on its questions and concerns related to Microsoft’s offerings.”

Microsoft has previously tried to allay fears about data collection through last year’s Windows Diagnostic Data Viewer. But from latest reports it seems more will need to be done by the corporation if it is to satisfy DPOs in Germany who are just searching for peace of mind regarding how the firm processes its data.

The DPO in Hesse has described how the region’s schools cannot rely on cloud solutions in a way that satisfies the standards of the GDPR. Until compliance can be guaranteed through the cloud, schools will have to fall back on locally-stored software, such as Microsoft’s non-cloud 2019.

Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.