Oh dear, MS Office caught in EU GDPR user data rules breach.

Looks like it’s MS’s turn with the regulators now.

“Microsoft Office, the software that includes Microsoft Word and PowerPoint, is in breach of European data rules and has been harvesting data including the content of private emails, according to regulators. Dutch investigators said they had found large scale collection of personal data through Office, which Microsoft collected without informing users.”

https://www.telegraph.co.uk/technology/2018/11/15/microsoft-office-collects-email-data-breach-gdpr-regulator-rules/

9 responses to “Oh dear, MS Office caught in EU GDPR user data rules breach.”

  1. lethalleigh

    Yes, I saw that. It's slipped by without much notice.


    MS has been harvesting data, including the content of private emails, allegedly. Will have to wait and see though; I wonder how different the regulations are between the E.U. and the rest of the world.

  2. wright_is

    My old boss, a security analyst and director of Greenbone (VAS / openVAS) writes regularly for major IT magazines in Germany and has been banging on for years about Windows' and Office's constant phoning home being illegal, even under the old data protection laws from the 1990s.

    Not really a big surprise, but given that Microsoft is one of the few companies that has taken a stand to try and protect user data from being exported to the USA, it is also very disappointing.

  3. wright_is

    I'm currently reading through the full PDF report from the Dutch government. It makes interesting reading.

    Microsoft have agreed to come up with a GDPR compliant version of Office by April of next year. If they delay or the Dutch government feels that they are not moving quickly enough to a workable solution, the government will pass on the complaint to the DPO for further sanctions.

    The report can be found here (English and Dutch) https://www.rijksoverheid.nl/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office

  4. hrlngrv

    Will this mean anyone in a job which might involve travel to the EU would be required to have the European version of Office installed on their work machines? What will it mean for people from the US bringing personal laptops with the US version of Office on vacation to EU countries? Will the UK be subject to GDPR post-BREXIT?

    • PeterC

      In reply to hrlngrv:

      hahaha ... fab point, clearly all users' data will need to be data flushed before entering EU air-space. You'll probably have to sign a customs declaration stating "no non-EU data to declare" and on entry walk through the green channel in customs, under the watchful eyes of customs officials twitching at the sight of a laptop or tablet. (old style baby!). There may even be a "duty free" data purchase on the plane on the way over.


      As for us here in the UK - well, we will take the next 2 years to argue amongst ourselves "what data actually is and can it be formed into cohesive customs union with the other 27 EU states" or something utterly as tediously boring.... :-) vive la difference!

    • wright_is

      In reply to hrlngrv:

      It doesn't require travel to Europe. If you have any personally identifiable information about EU citizens on your computer, then you need the compliant version, even if you are in the USA, for example.

      If you don't have any PII on EU citizens, there are no problems with using the non-compliant version or bringing it to the EU - just don't add any EU contacts to your Outlook.
