Just days after France’s Ministry of Education and Youth said that free versions of Microsoft Office 365 and Google Workspace should not be used in the country’s classrooms, amid GDPR compliance concerns for both suites, Microsoft is grappling with to a new setback with its cloud software in the European Union. This time, in Germanywhere state and federal data protection authorities (DSK) have raised questions about Microsoft 365’s compatibility with data protection laws in the country and in the EU.
According to a DSK report, echoed by The Register, prepared after two years of negotiations on compliance with European data protection laws with Microsoft, said Redmond product still does not comply with the GDPR. It was produced by a working group set up to make cloud services compliant with the Schrems II decision of the European Court of Justice. Specifically, it addresses EU concerns about cloud data sovereignty, competition and privacy rules.
As stated in the GDPR, children under the age of 13 are not empowered to consent to the collection of their data. Between the ages of 13 and 16 they can give consent under the responsibility of their parents, but under 13 they cannot. When the platforms store adult data, these clients are able to request the deletion of their records. Children under 13 years of age are not adults, and cannot request it.
The report also notes that many of the services included in Microsoft 365 require Microsoft to access data that is decrypted and not protected by a pseudonym. This, among other things, means that this office suite is not suitable for fully legal use in schools in Germany. Nor for their public bodies. However, the provisions do not affect the use made of Microsoft 365 by companies or consumers.
For its part, Microsoft has denied that the valuation of Microsoft 365 is adequate, assuring that its products “M365 not only complies with, but often improves on, the strict data protection laws in the EU. Our customers in Germany and in the EU can continue to use M365 products without hesitation and safely and legally.«.
When asked for further comment, a company spokesperson noted that “Microsoft 365 products meet the strictest industry standards for privacy and data security. We respectfully disagree with the concerns raised by the Datenschutzkonferenz and have already implemented many of the suggested changes to our data protection terms. We remain committed to working with the DSK to address any continuing concerns they have«.
