RT @[email protected]

For ~2 years, a working group of the Conference of the Independent Data Protection Supervisory Authorities of the Federation and the States (DSK) tried to obtain improvements to Microsoft 365.

👉 Summary of the working group's report on #MS365: https://datenschutzkonferenz-online.de/media/dskb/2022_24_11_festlegung_MS365_zusammenfassung.pdf

The DSK's determination: 👇

🐦🔗: https://twitter.com/alvar_f/status/1596179727311863809

After two years of negotiations with Microsoft, the joint committee of the German federal data protection authority and 17 state regulators (DSK) published a devastating statement that essentially says that organizations currently cannot use MS365 in a lawful way under the GDPR.

Key issues raised by the DSK working group include that Microsoft's data processing agreement does not make sufficiently clear how Microsoft uses personal data it allegedly processes on behalf of the client for its own business purposes.

This must be escalated to the EU level.

The document states that it's not clear how Microsoft uses personal data on its clients' users for its own 'business purposes' while Microsoft grants itself extensive rights to do so.

It also states that Microsoft generally processes telemetry data for its own purposes at scale.

Microsoft now markets itself as a trustworthy and responsible tech giant, but it's not.

While keeping a friendly face, it works hard to undermine regulation and normalize corporate data misuse, including at work, not to mention its surveillance marketing and defense businesses.

Well this blew up.

To be clear, the DSK's statement is an assessment, not an enforcement decision. But what's stopping German regulators from enforcement?

Problem is that MS365 is unavoidable in many areas. I think this requires a coordinated political effort at the EU level.

I wrote a bit about Microsoft, platform power and data in this thread from February:
https://twitter.com/WolfieChristl/status/1496083980252508163
Wolfie Christl on Twitter

“NL forced Microsoft to provide its software for govt and universities under data terms that prohibit MS from exploiting personal/behavioral data for its own purposes. ✅ It's possible ➡️ This is what everyone in the EU deserves, including Home/Pro users https://t.co/J2NVP2uNpN”

Data Protection Conference: Microsoft 365 is and remains in violation of data protection law

Germany's data protection authorities acknowledge individual improvements by Microsoft. That is not enough.

heise online

Microsoft published another 7-page statement aggressively refuting the DSK report, German:
https://news.microsoft.com/wp-content/uploads/prod/sites/40/2022/11/2022.11_Stellungnahme-MS-zu-DSK_25NOV2022_FINAL.pdf

Btw. I wonder what exactly was the defined purpose and legal basis for MS to analyze "trillions of Microsoft 365 productivity signals" here?
https://twitter.com/WolfieChristl/status/1574488874201522178

Here's another 'study' that also claims to be based on "trillions of productivity signals in Microsoft 365" including Teams data, "collaboration activity across Microsoft 365 tools", "productivity patterns in Outlook", "anonymized Outlook calendar data":
https://www.microsoft.com/en-us/worklab/work-trend-index/great-expectations-making-hybrid-work-work
Great Expectations: Making Hybrid Work Work

The 2022 Work Trend Index Report reveals five urgent trends business leaders need to know about hybrid work.

Is this 'research'? Or marketing?

Which organizations and users contributed MS365 data to these 'studies'? Are they aware of it? Are they fine with Microsoft extracting knowledge from data on employees' activity and internal processes?

How else does Microsoft exploit MS365 data?

The full 58-page DSK report assessing the MS365 data processing agreement is now available online:
https://twitter.com/alvar_f/status/1600526110357278724
Alvar C.H. Freude on Twitter

“#MS365 report now fully online (except annexes): https://t.co/spEOrA5yqZ – 58 pages of the final report of the working group 'Microsoft Online Services' of the Conference of the Independent Data Protection (#Datenschutz) Supervisory Authorities of the Federation and the States. #DSGVO #Teamdatenschutz”

@wchr there is no way to opt out.
@Bobo_PK I think this is what the dispute on the DPA (the contract that governs how Microsoft may use the data) between German regulators and Microsoft is about ;)
@wchr I had to evaluate Teams in the former company. My result was that they stored our data in Amsterdam, so EU, but because of the CLOUD Act they will never be able to comply with GDPR.
@wchr I mean they even have monitoring solutions for employees in place that automatically detect whether you talk bad or want to leave your employer. They collect and snitch because their money givers are not the workers. #surveillanceCapitalism
@wchr: don't allow Microsoft or Facebook or any other to harvest data and then transfer it. It is useless to forbid them to use the data once they have it. Who's going to stop them from using it? Nobody. It's this simple.
@wchr @kik1 ☝️☝️
@emmalbriant @wchr the issue is that the EU institutions themselves are overreliant on MS. We're just starting to roll out Teams in the Parliament... this might have an impact on political will to coordinate and push enforcement
@wchr "unavoidable" like other Crime?
@wchr the only functionality of Office 365 I haven't found equal or better in LibreOffice is the collaborative editing.
@winfriedtilanus @wchr #collaboraonline seems to have achieved this, it works very well (I only use it with one other person at a time, not sure how well it scales if you are talking about more than 2 people editing the same document at once).
@wchr It would be great to see some #Hashtags in your #Toots for more #visibility and #searchability in the #Fediverse.
With #Mastodon V4, it is possible to #followHashtags - but to do so, we need them.
#UseHashtags
@wchr They don't even need to put so much effort in their “trustworthy" bullshit… Many people already believed that for decades. And when you show them proofs of abuse, like for ex. what M$ did in Tunisia circa 2007, the patent for VoIP interception that M$ filed back in 2011 shortly after they bought Skype, or more recently the steps they took to make it harder to install non-M$ OSes, with the help of Lenovo… Their fanboys will just put their hands in their ears and shout out loud things […]

@wchr […] like "You're paranoid, I have nothing to hide because I'm not a criminal", "but we can trust the contract we have with them!" and "they've changed 10 years ago¹, not hostile anymore. Look! they love open source² !", or whatever M$ PR department wants them to constantly repeat, all over the web… they are so blinded, they literally work in the M$ marketing team for free…

1. Been hearing that BS for 15+ years… Looks like M$ "changed in a positive manner years ago" often… time travel? 🤔

@wchr

2. People who understand the issues with privacy, vendor locking, cloud crap, DRMs, and proprietary software don't care about "open source" marketing rhetoric, they care about libre software. Anyone who prefers to use the term "open source" instead of free (as in libre) software doesn't give a shit about users' rights. Not to mention many open washing stuff include proprietary spywares, especially electronJS crap with built-in google/facebook/other web surveillance companies spywares…

@wchr America is temporarily an ally of the free world and being in defense is temporarily defensible.

I wouldn't blame anyone for having defense contracts in 1939.

@wchr Wolfie, I spent many years at Microsoft and have observed the lengths the company goes to protect privacy and ensure its employees behave ethically and legally, especially since GDPR.

This whole thing sounds like a misunderstanding about how large scale web services work. The telemetry is anonymized, but you need it in order to run the service and keep it healthy.

The DSK statement is vague at best. Let's not jump to conclusions.