The European Data Protection Authority has severe concerns about the way Microsoft collects data for Windows and Office 365. It goes way too far, while the permission of users remains too vague.
The investigation of the European Data Protection Supervisor (EDPS) started in April. This week comes with a preliminary interim statement. In it, the organisation states that it has serious concerns about the conditions in the contracts between Microsoft and European organisations.
Specifically, it is about how Microsoft collects data and how it uses that data. Under GDPR legislation, it must be clear, among other things, what someone permits for.
The law also requires a distinction as to why certain data is used. For example, data that is used to make a product more secure or data to determine whether someone also uses a competitor’s software.
The research is a follow-up to the findings made by the Dutch government a year ago. There, the government noted that data was collected via Office 365, among other things, without users being aware of it.
EDPS refers to the Netherlands, where improvements have been made to the agreements between Microsoft and the government. “The EDPS believes that such solutions should be extended to all public and private organisations in the EU in the short term, and individual users.”
