Oh dear, MS Office caught in EU GDPR user data rules breach.

Looks like It’s MS turn with the regulators now.

“Microsoft Office, the software that includes Microsoft Word and PowerPoint, is in breach of European data rules and has been harvesting data including the content of private emails, according to regulators. Dutch investigators said they had found large scale collection of personal data through Office, which Microsoft collected without informing users.”


Edit post

Conversation 9 comments

  • lethalleigh

    16 November, 2018 - 7:18 pm

    <p>Yes, I saw that. It's slipped by without much notice.</p><p><br></p><p>MS <span style="color: rgb(0, 0, 0);">has been harvesting data including the content of private emails allegedly. Will have to wait and see though, I wonder how different the regulations are between the E.U and the rest of the world.</span></p>

  • wright_is

    Premium Member
    19 November, 2018 - 12:49 am

    <p>My old boss, a security analyst and director of Greenbone (VAS / openVAS) writes regularly for major IT magzines in Germany and has been banging on for years about Windows' and Office's constant phoning home being illegal, even under the old data protection laws from the 1990s.</p><p>Not really a big surprise, but given that Microsoft is one of the few companies that has taken a stand to try and protect user data from being exported to the USA, it is also very disappointing.</p>

  • wright_is

    Premium Member
    19 November, 2018 - 6:09 am

    <p>I'm currently reading through the full PDF report from the Dutch government. It makes interesting reading.</p><p>Microsoft have agreed to come up with a GDPR compliant version of Office by April of next year. If they delay or the Dutch government feels that they are not moving quickly enough to a workable solution, the government will pass on the complaint to the DPO for further sanctions.</p><p>The report can be found here (English and Dutch) https://www.rijksoverheid.nl/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office </p>

    • lethalleigh

      19 November, 2018 - 6:32 am

      <blockquote><em><a href="#369735">In reply to wright_is:</a></em></blockquote><p>It's good to see the Dutch Government behaving so reasonably with this matter. They can't be any fairer than they are.</p><p><br></p><p>Perhaps it's an acknowledgement of MS's efforts that you stated.</p>

    • PeterC

      19 November, 2018 - 2:07 pm

      <blockquote><em><a href="#369735">In reply to wright_is:</a></em></blockquote><p>It’s going to be interesting to see if they use their “ compliance” to send a big dig into google gsuite now MS have released their transfer over tool. You just know their PR will push how they’ve complied but highlight how google don’t. ?</p>

  • hrlngrv

    Premium Member
    19 November, 2018 - 2:30 pm

    <p>Will this mean anyone in a job which <em>might</em> involve travel to the EU would be required to have the European version of Office installed on their work machines? What will it mean for people from the US bringing <em>personal</em> laptops with the US version of Office on vacation to EU countries? Will the UK be subject to GDPR post-BREXIT?</p>

    • PeterC

      19 November, 2018 - 4:00 pm

      <blockquote><em><a href="#369859">In reply to hrlngrv:</a></em></blockquote><p>hahaha … fab point, clearly all users data will need to be data flushed before entering EU air-space. Youll probably have to sign a customs declaration stating "no non Eu data to declare" and on entry walk through the green channel in customs, under the watchful eyes of customs officials twitching at the sight of a laptop or tablet. (old style baby!). There may even be a "duty free" data purchase on the plane on the way over.</p><p><br></p><p>As for us here in the UK – we'll we will take the next 2 years to argue amongst ourselves "what data actually is and can it be formed into cohesive customs union with the other 27 Eu states" or something utterly as tediously boring…. 🙂 vive la difference!</p>

    • wright_is

      Premium Member
      21 November, 2018 - 4:09 am

      <blockquote><em><a href="#369859">In reply to hrlngrv:</a></em></blockquote><p>It doesn't require travel to Europe. If you have any personally identifiable information about EU citizens on your computer, then you need the compliant version, even if you are in the USA, for example.</p><p>If you don't have any PII on EU citizens, there are no problems with using the non-compliant version or bringing it to the EU – just don't add any EU contacts to your Outlook.</p>

      • PeterC

        21 November, 2018 - 4:22 am

        <blockquote><em><a href="#370513">In reply to wright_is:</a></em></blockquote><p>hahaha oh the fun of it all</p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2023 Thurrott LLC