Share this article
Latest news
With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low
Copilot in Outlook will generate personalized themes for you to customize the app
Microsoft will raise the price of its 365 Suite to include AI capabilities
Death Stranding Director’s Cut is now Xbox X|S at a huge discount
Outlook will let users create custom account icons so they can tell their accounts apart easier
German watchdog group reports Microsoft 365 violates GDPR child consent protections
2 min. read
Published onDecember 2, 2022
published onDecember 2, 2022
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
Microsoft and German federal and state data protection authorities are going back and forth over General Data Protection Regulations (GDPR) as the country looks to ban Microsoft 365 in schools.
The most recent dispute comes as the German Watchdog group Datenschutzkonferenzpublished a new reportthat states Microsoft remains in breach of GDPR despite two years of negotiations.
Datenschutzkonferenz’ issues with Microsoft 365 are two-fold with the first being a violation of cloud data sovereignty and the other having to do with adolescent data consent policies. GDPR stipulations state that children under 13 cannot consent to having their data collected and the Datenschutzkonferenz report claims that accessing Microsoft 365 by children automatically give Microsoft “access to unencrypted and non-pseudomized data.”
Microsoft disputes the DSK’s report with the following statement, “We ensure that our M365 products not only meet, but often exceed, the strict EU data protection laws. Our customers in Germany and throughout the EU can continue to use M365 products without hesitation and in a legally secure manner.”
However, over the past two years, Microsoft has attempted tomake concessionsto meet the demands of Germany’s DSK, but efforts have stalled with DSK claiming Microsoft has only changed its wording but not the actual way Microsoft 365 collects data, and Microsoft reiterating its commitment to addressing “any remaining concerns.”
While Microsoft is attempting to assuage fears the German DSK have over data access and collection, the company is realistically hamstrung by several US-based regulations that include theLawful Overseas Use of Data Act (CLOUD Act)andFISA 702which supersede foreign citizens’ rights to expedite data access when pursuing criminal investigations.
By their very nature, the CLOUD Act and FISA 702 require that Microsoft, Google, Apple, and other large scale international data traffickers “preserve, backup, or disclose contents of electronic communication or noncontent records.”
It is unclear where Microsoft and Datenschutzkonferenz go from here but unless the software giant can figure out a loophole to US-based regulatory policies dealing with international data, they and other companies will continue to potentially run afoul of GDPR standards in both broad and specific cases like those dealing with consent of minors.
Kareem Anderson
Networking & Security Specialist
Kareem is a journalist from the bay area, now living in Florida. His passion for technology and content creation drives are unmatched, driving him to create well-researched articles and incredible YouTube videos.
He is always on the lookout for everything new about Microsoft, focusing on making easy-to-understand content and breaking down complex topics related to networking, Azure, cloud computing, and security.
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Kareem Anderson
Networking & Security Specialist
He is a journalist from the bay area, now living in Florida. He breaks down complex topics related to networking, Azure, cloud computing, and security
