Posted in Security

Germany bans Microsoft Office 365 in schools due to privacy concerns

If an institution where you study, or a school where your children study has adopted Office 365 cloud services, their private data is collected by Microsoft. Due to privacy concerns, a German state has banned the use of Office 365 at schools.

Microsoft Office software package has been around for many years as an application that is installed on a PC. Word, Excel and PowerPoint are the most popular apps in the package. They run on a PC and all data is saved on the same PC, or local office or school network. The introduction of cloud services allowed Microsoft to develop Office 365, a cloud version of the application package.

In order to access Office 365 services, users must login to Microsoft servers and do most of the tasks while connected to the servers. This allows Microsoft to collect data about the users and what they do.

Collecting private data of school children is exactly what Microsoft has done according to the privacy commissioner of Hesse, a German state of six million inhabitants. The commissioner advised all schools to stop using Office 365 and Windows 10.

“…in connection with the use of Office 365 in the cloud … the security and traceability of the data processing processes are not guaranteed. Therefore the data processing is inadmissible … data is also transmitted when using Office 365, whose contents have not been finally clarified despite repeated inquiries at Microsoft.“

GDPR regulation has been in effect in EU countries since May 2018, protecting citizens’ privacy.

It was too little and too late, but a Microsoft representative finally told The Next Web that they have added more options for data sharing:

“When Office 365 is connected to a work or school account, administrators have a range of options to limit features that are enabled by sending data to Microsoft. We recently announced (here and here), based on customer feedback, new steps towards even greater transparency and control for these organizations when it comes to sharing this data.”

It doesn’t change the core problem: private data is collected and possibly transmitted to the US.

Cloud services by Google and Apple that compete with Office 365 have the same problems in the eyes of the privacy commissioner of Hesse in Germany.

Also Windows 10 is a busy private data hoarder

Recently, I purchased a new Windows 10 laptop. The setup process took a long time because the operating system asked tons of confirmation questions about private data collection. The default value for every single option was to allow the collection of private data. Microsoft seems to trust that people simply hit Enter or Yes to whatever questions they are asked. They are probably right.

The thing that bothers me with this is that I have paid for the product. I have paid for Windows 10, and don’t expect to pay an additional price with my private information.

Microsoft Windows 10 privacy settings

Open the Settings section in Windows 10, go to the Privacy section and explore all the ways Microsoft is collecting your data. Sure, you can turn off many of these spying options, but the concern remains: where are the rest of the settings I should know about? Well, it doesn’t matter because it seems that the company acquires user data indirectly as well.

The generic Microsoft Privacy Statement reads:

Microsoft collects data from you, through our interactions with you and through our products. You provide some of this data directly, and we get some of it by collecting data about your interactions, use and experiences with our products. The data we collect depends on the context of your interactions with Microsoft and the choices that you make, including your privacy settings and the products and features that you use. We also obtain data about you from third parties.