GDPR rights are being ignored. In practice, this leads to a situation where Microsoft is trying to contractually dump most of its legal responsibilities under the GDPR on schools that provide Microsoft 365 Education services to their pupils or students.

Trying to find out exactly what privacy policies or documents apply to the use of Microsoft 365 Education is an expedition in itself. There is a serious lack of transparency, forcing users and schools to navigate a maze of privacy policies, documents, terms and contracts that all seem to apply. The information provided in these documents is always slightly different, but consistently vague about what actually happens to children’s data when they use Microsoft 365 Education services.

Maartje de Graaf, data protection lawyer at noyb: “Microsoft provides such vague information that even a qualified lawyer can’t fully understand how the company processes personal data in Microsoft 365 Education. It is almost impossible for children or their parents to uncover the extent of Microsoft’s data collection.”

Felix Mikolasch, data protection lawyer at noyb: “Our analysis of the data flows is very worrying. Microsoft 365 Education appears to track users regardless of their age. This practice is likely to affect hundreds of thousands of pupils and students in the EU and EEA. Authorities should finally step up and effectively enforce the rights of minors.”

As the terms and conditions and the privacy documentation of Microsoft 365 Education are uniform for the EU/EEA, all children living in these countries are exposed to the same violations of their GDPR rights. Therefore, noyb also suggests that the authority should impose a fine on Microsoft.

  • MonkderDritte@feddit.de
    link
    fedilink
    arrow-up
    5
    ·
    5 months ago

    Yes, there’s a ton of documentation, but correlating the settings across multiple different constantly changing web UIs plus the shit that’s only available through PowerShell is easily a full time job.

    Soumds like the thing they did with their 600-pages OOXML (.docx, .xlsx) specificaton during standardization, with most of it being proprietary extensions.

    If you can’t hide, confuse.