• Microsoft 365 doesn’t meet GDPR citing a wide range of issues

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » Microsoft 365 doesn’t meet GDPR citing a wide range of issues

    Author
    Topic
    #2502796

    Kevin Beaumont: “The German federal data protec…” – Cyberplace

    The German federal data protection authority and 17 state regulators (DSK) published a report into Microsoft 365 after two years of work with Microsoft, and declare Microsoft 365 doesn’t meet GDPR citing a wide range of issues. English translation of document:

    2022_24_11_festlegung_MS365_zusammenfassung (1).pdf | DocDroid

    Susan Bradley Patch Lady

    1 user thanked author for this post.
    Viewing 0 reply threads
    Author
    Replies
    • #2502889

      From Russell Kidson’s 01-Dec-2022 article Microsoft Office in Trouble in Germany Due to GDPR on ghacks.net:

      “… The main issue seems to be that under the GDPR, individuals under 13 years of age are not capable of consenting to data collection. Permission may be given by a guardian or other holder of parental responsibility for children under 16 years of age, but the law is clear about companies not being able to collect data from children younger than 13. The unofficial agreement with data collection is that should data be collected from a consenting adult, that person retains the agency to request that their data be deleted.

      Unfortunately, while Microsoft 365 is incredibly useful in school situations, use of the utility requires users to consent to data collection. Particularly, the report highlights that ‘Many of the services included in Microsoft 365 require Microsoft to access the unencrypted, non-pseudonymized data.’ …”

    Viewing 0 reply threads
    Reply To: Microsoft 365 doesn’t meet GDPR citing a wide range of issues

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: