For the previous two years, Microsoft has been engaged in talks with the German knowledge safety authority. The Datenschutzkonferenz (DSK) then decided that Microsoft’s Workplace bundle doesn’t adjust to the GDPR.
Throughout these two years, nonetheless, they’ve hardly been idle at Microsoft. In a assertion of 8 pages, the DSK says that there are already many enhancements in Microsoft’s coverage in comparison with two years in the past. However, the privateness watchdog is vital and says that Microsoft should do extra if it desires to adjust to the GDPR.
For instance, the DSK pushes ahead the privateness assertion of 365 purposes. It might not be acknowledged clearly sufficient what precisely Microsoft does with consumer knowledge and the way it processes this knowledge. In consequence, says the DSK, Microsoft can not exhibit that it’s utilizing that knowledge in a lawful method – and that’s in opposition to the foundations of the GDPR. The pc large should subsequently change into extra clear about its knowledge processing.
One other drawback is the storage of European consumer knowledge on American servers. In the mean time it’s inconceivable to make use of Microsoft 365 with out sending your knowledge to America. The doc does state that each one knowledge can even be saved in Europe from December 2022, though it’s nonetheless doable that sure knowledge can be despatched throughout the ocean. The DSK subsequently says that these EU servers are a growth in the correct course. However, in keeping with the group, it’s also essential to keep watch over them.
Response from Microsoft
California responded to the DSK’s findings. In a personal assertion Microsoft says it disagrees (“respectfully disagree”) with the findings of the DSK. The writer of the workplace suite says that its companies not solely adjust to the GDPR, however really even exceed sure necessities. Microsoft additionally says that it’s extra clear than many tech firms already are.
Microsoft does say that it desires to change into much more clear than it already is and that it’ll do the required work sooner or later. By the way, they do not actually lose sleep over the DSK’s determination in America. The software program large says it has confidence in 2023. Partly because of a brand new legislation that lays down privateness legal guidelines between the EU and the US, they anticipate to obtain a optimistic GDPR analysis subsequent 12 months.
