The central German state of Hesse’s local Data Protection Authority (DPA) has banned the use of Microsoft 365 in its schools, citing concerns over privacy violations. According to the authority, the program’s settings gather data from within the users’ programs. This clearly violates the EU’s General Data Protection Regulation (GDPR) policies.

The Microsoft 365 debate has been a longstanding one in Germany. In 2018, several state courts, including the federal German court, found that Microsoft violated local laws connected to the GDPR. From there, the Microsoft 365 ban spread to France. The ban has mostly affected educational institutions and companies that work with these programs.

Microsoft Breaks Its Contract with Germany

The ban comes after Microsoft terminated its special arrangement for German users. Under the arrangement, Microsoft allowed Germany to hold its servers locally. This ensured that no user data left the country.

Since the termination of those arrangements and legislative developments in the US, three major issues now confront Microsoft 365 in the EU:

  1. EU authorities are calling for local-only servers
  2. Under a newly promulgated act, US agencies can access user data stored on US companies’ servers, even the data of non-US citizens
  3. Microsoft fails to guarantee minors’ data protection

Under the GDPR, those under 18 years old can’t consent for their data to be collected. Even on the platforms that do store such data, customers should be able to request the purging of records.

Since the prior arrangements have fallen through, Microsoft no longer uses strictly local servers from GDPR-compliant operators. Moreover, the US Clarifying Lawful Overseas Use of Data Act (CLOUD Act) of 2018 allows US agencies to sift through foreign data stored on US companies’ servers. Under the circumstances, the only solution was to ban the product, at least for all underage persons.

The solution for companies operating inside Europe is to get an on-premise server. Otherwise, they risk violating local and GDPR laws around underage and other users’ privacy.

Microsoft 365 Ban Due to GDPR Violations

Microsoft declared in late 2018 that it would no longer…

Read The Full Article at TechGenix

Check Also

Privacy 2024 Recap – some significant decisions, slow progress for reform

The past year saw a few court decisions of note as well as halting progress toward privacy…