Tuesday January 28, 2020
Home Lead Story Schools in Ge...

Schools in Germany Ban Use of Microsoft Office 365 Over Data Privacy

The authority said what is true for Microsoft is also true for the Google and Apple cloud solutions

0
//
Microsoft, Taiwan AI
A man walks past a Microsoft sign set up for the Microsoft BUILD conference at Moscone Center in San Francisco, April 28, 2015. VOA

In a first such case globally, schools in Germany have banned the use of Microsoft Office 365, after a data privacy authority for the state of Hesse ruled that using the popular software exposes personal information of students and teachers “to potential access by US authorities”.

“The use of Microsoft Office 365 in schools is illegal under data protection law, as far as schools store personal data in the European cloud,” said the ruling by Michael Ronellenfitsch, the Hesse Commissioner for Data Protection and Freedom of Information (HBDI).

In declaring that Windows 10 and Office 365 is not compliant with EU General Data Protection Regulation (GDPR) for use in schools, this development ends years of debate over whether “schools can use Microsoft’s Office 365 software in compliance with data protection regulations”.

The Hesse Commissioner has suggested schools to switch to similar applications with on-premise licenses on local systems.

Microsoft said it looks forward to working with the Hesse Commissioner to better understand their concerns.

“When Office 365 is connected to a work or school account, administrators have a range of options to limit features that are enabled by sending data to Microsoft. We recently announced based on customer feedback, new steps towards even greater transparency and control for these organizations when it comes to sharing this data,” a Microsoft spokesperson told Arstechnica in a statement.

microsoft, xbox
FILE – A sign for Microsoft is seen on a building in Cambridge, Massachusetts, March 18, 2017. VOA

For years, there has been a discussion in Germany about whether schools can use Microsoft’s Office 365 software in compliance with data protection regulations.

In August 2018, Microsoft announced to the public that for the Germany cloud contracts are no longer offered and the distribution of this product is discontinued.

Since then, the data protection authority asked a large number of teachers and school administrators, as well as school authorities, to use Office 365 in the European cloud.

“With the use of the Windows 10 operating system, a wealth of telemetry data is transmitted to Microsoft, whose content has not been finally clarified despite repeated inquiries at Microsoft. Such data is also transmitted when using Office 365. Also, the digital sovereignty of state data processing must be guaranteed,” said HBDI.

Also Read: Facebook Not to Launch Libra Until Regulators are Fully Satisfied

The authority said what is true for Microsoft is also true for the Google and Apple cloud solutions.

“The cloud solutions of these providers have so far not been transparent and comprehensible set out. Therefore, it is also true that for schools the privacy-compliant use is currently not possible,” said HBDI. (IANS)

Next Story

Data Privacy Cause of Concern Without Structural Framework

There are other concerns from the industry as well

0
Data, Apps, Privacy
As cybersecurity firm Kaspersky explained in a blog, most apps collect some information about the user. Pixabay

The Indian Data Protection bill 2019 which aims to help consumers exercise their privacy rights needs a proper structural framework else personal data of millions of users in the country will be at stake, leading industry experts said on Monday.

As the world observes Data Privacy Day on January 28, experts and leading industry bodies have already demanded clarification in several areas of ambiguity that exists in the draft Bill.

The Personal Data Protection Bill 2019, which was introduced in Lok Sabha in the winter session last year, has been referred to a Joint Parliamentary Committee (JPC) of both the Houses. The JPC has been constituted under the chairmanship of New Delhi MP Meenakashi Lekhi for examination and report.

“Although the Indian Data Protection bill aims to play an important role in fabricating regulations for governing the increasingly data-driven landscape, without a structural framework data privacy becomes a cause of concern, Lovneesh Chanana, Vice President, Digital Governments (Asia Pacific & Japan), SAP, told IANS.

A report by the Internet and Mobile Association of India (IAMAI) in December said that the bill categorises data as Personal data, Sensitive Personal data and Critical Personal data, but the industry lacks clarity on to which data qualifies under which head and hence is not equipped to take necessary precautions.

“The problem gets aggravated when data collection and processing are done by different agencies, in which case, each fiduciary will have to take consent at every step of the operation,” said the report.

Telecom Minister Ravi Shankar Prasad, while introducing the Personal Data Protection Bill, 2019, in the Lok Sabha on December 11, announced that the draft Bill empowers the government to ask companies including Facebook, Google and others for anonymised personal data and non-personal data.

However, there are concerns around a provision in the draft bill, seeking to allow the use of personal and non-personal data of users in some cases, especially when national security is involved.

Data,Privacy
A French soldier watches code lines on his computer during the International Cybersecurity forum in Lille, northern France, Jan. 23, 2019. VOA

Several legal experts have said the provision will give the government unaccounted access to personal data of users in the country.

Ashish Aggarwal, Senior Director and Head, Policy & Advocacy, NASSCOM, however, said the Indian Data Protection bill will be the basis for consumers to exercise their privacy rights.

“The industry will benefit from increased trust by implementing the law diligently. The IT industry has a huge role in using technology solutions to implement the key principles of the law for both the industry and government, in an intuitive and cost effective manner,” Aggarwal told IANS.

There are other concerns from the industry as well.

Also Read: Tesla CEO Elon Musk Allays Environmental Fears on Tesla’s Plant in Germany

Shankar Roddam, Chief Operating Officer, Subex said that the Data Protection bill 2019 talks about monetary compositions like penalties for any abuse or failure to comply with guidelines.

“I personally feel that government should consider sanctions that are being monetary compositions like banning certain privileges for subsidies, funding, directorship, etc. This will help ensure privacy and regulate protection for companies,” Roddam noted.

The experts have demanded clarification in several areas of ambiguity that exists in the draft Bill which need to be better clarified for businesses to fully comprehend the extent of adjustments businesses will have to do to comply with them. (IANS)