Wolfie ChristlNov 25, 2022

RT @[email protected]

~2 Jahre hat eine Arbeitsgruppe der Konferenz der unabhängigen Datenschutz-Aufsichtsbehörden von Bund und Ländern (DSK) versucht, Nachbesserungen bei Microsoft 365 zu erreichen.

👉 Zusammenfassung des Berichts der AG zu #MS365: https://datenschutzkonferenz-online.de/media/dskb/2022_24_11_festlegung_MS365_zusammenfassung.pdf

Festlegung der DSK: 👇

🐦🔗: https://twitter.com/alvar_f/status/1596179727311863809

Show threadWolfie ChristlNov 25, 2022
After two years of negotiations with Microsoft, the joint committee of the German federal data protection authority and 17 state regulators (DSK) published a devastating statement that essentially says that organizations currently cannot use MS365 in a lawful way under the GDPR.
Show threadAntonio Santos 🇵🇹Nov 25, 2022
@wchr That puts Germany on a data island, considering that there are no alternatives.
Show threadAJENov 26, 2022
@Tribo @wchr I do t think that Germany will be on a ‘data island’.
First - being referred to EU means it may become Europe Wide.
Second - it may be similar to California where it’s not worth creating multiple product lines, so strictest wins out of federal/CA law.
I suspect MS will string it out as long as possible, then cave. Cancelling the most objectionable data mining/usage and admitting to usage moving forward for compliance.
Show threadAntonio Santos 🇵🇹
@AJE @wchr Germany GDPR nuances are slightly different from the other EU countries. We do have 28 versions of GDPR because countries have made their own adaptations of the European directive .
Nov 26, 2022 at 10:23pmToot!
Show threadAJENov 27, 2022
@Tribo @wchr thanks for the info. I generalize as privacy = GDPR + local/geo/industry additions. Sercurity standards = NIST + local/geo/industry additions.
So if I understand correctly you are saying the German decision might be on their additional bits to GDPR, not the core?
Thx