This essentially means that, due to the lack of transparency, it is impossible for regulators to assess from the outside exactly what information Microsoft is collecting, and how it is using this data, making it unlawful to use under GDPR.
employees or students) for the provider’s own purposes precludes the use of a processor in the public sector (especially at schools).” “The use of personal data of the users (eg. “The contractual documents are not precise in this regard and do not allow for conclusive evaluation of processing, which may even be extensive, including for the company’s own purposes,” the report continued. In addition, Microsoft does not fully disclose which processing operations are carried out on behalf of the customer or which are carried out for its own purposes,” said a report by the DSK working group looking at the issue. “Microsoft does not fully disclose which processing operations take place in detail. The German Data Protection Conference (DSK) – which consists of the German Federal Data Protection Authority and 16 state regulators – said that, given the lack of transparency around how Microsoft collects and processes personal data, as well as the potential for third-party access to it, the use of O365 is not legally compliant with the General Data Protection Regulation (GDPR). Federal German data protection authorities have banned the use of Microsoft Office 365 in schools due to privacy concerns around the use of US cloud providers.
0 kommentar(er)
