~2 Jahre hat eine Arbeitsgruppe der Konferenz der unabhängigen Datenschutz-Aufsichtsbehörden von Bund und Ländern (DSK) versucht, Nachbesserungen bei Microsoft 365 zu erreichen.
👉 Zusammenfassung des Berichts der AG zu #MS365: https://datenschutzkonferenz-online.de/media/dskb/2022_24_11_festlegung_MS365_zusammenfassung.pdf
Festlegung der DSK: 👇
Key issues raised by the DSK working group include that Microsoft's data processing agreement does not make sufficiently clear how Microsoft uses personal data it allegedly processes on behalf of the client for its own business purposes.
This must be escalated to the EU level.
The document states that it's not clear how Microsoft uses personal data on its clients' users for its own 'business purposes' while Microsoft grants itself extensive rights to do so.
It also states that Microsoft generally processes telemetry data for its own purposes at scale.
Microsoft now markets itself as a trustworthy and responsible tech giant, but it's not.
While keeping a friendly face, it works hard to undermine regulation and normalize corporate data misuse, including at work, not to mention its surveillance marketing and defense businesses.
Well this blew up.
To be clear, the DSK's statement is an assessment, not an enforcement decision. But what's stopping German regulators from enforcement?
Problem is that MS365 is unavoidable in many areas. I think this requires a coordinated political effort at the EU level.
“NL forced Microsoft to provide its software for govt and universities under data terms that prohibit MS from exploiting personal/behavioral data for its own purposes. ✅ It's possible ➡️ This is what everyone in the EU deserves, including Home/Pro users https://t.co/J2NVP2uNpN”
German-language articles on the DSK report:
https://www.heise.de/news/Datenschutzkonferenz-Microsoft-365-ist-und-bleibt-datenschutzwidrig-7352065.html
https://www.golem.de/news/datenschutzkonferenz-einsatz-von-microsoft-365-bleibt-datenschutzwidrig-2211-170050.html
https://www.faz.net/aktuell/wirtschaft/excel-word-teams-datenschutz-warnt-vor-microsoft-365-18494770.html
Microsoft statement ("we disagree / but will address concerns"):
https://news.microsoft.com/wp-content/uploads/prod/sites/40/2022/11/DSK-Blog-Post_25NOV2022_ENG_FINAL.pdf
Comprehensive English-lang piece by @[email protected]:
https://techcrunch.com/2022/11/28/microsoft-365-faces-darkening-gdpr-compliance-clouds-after-german-report
Microsoft published another 7-page statement aggressively refuting the DSK report, German:
https://news.microsoft.com/wp-content/uploads/prod/sites/40/2022/11/2022.11_Stellungnahme-MS-zu-DSK_25NOV2022_FINAL.pdf
Btw. I wonder what exactly was the defined purpose and legal basis for MS to analyze "trillions of Microsoft 365 productivity signals" here?
https://twitter.com/WolfieChristl/status/1574488874201522178
Is this 'research'? Or marketing?
Which organizations and users contributed MS365 data to these 'studies'? Are they aware of it? Are they fine with Microsoft extracting knowledge from data on employees activity and internal processes?
How else does Microsoft exploit MS365 data?
Wolfie Christl
Bobo_PK 🦄