Data that Windows 10 Enterprise and Microsoft Office collects from and about users and stores in a database in the United States poses a risk to the privacy of users, according to research by the Ministry of Justice and Security. The Data Protection Impact Assessment (DPIA) which was executed on the ‘Windows 10 Enterprise’ and ‘Microsoft Office’ collection of information from and about the user which is stored in a database in the US indicates high risks for the privacy of the user “.
The previous resulted in negotiations between the national government and Microsoft on GDPR compliance and an improvement plan which will follow in 2019 and meanwhile limitation of the data streams to Microsoft as much as possible is required, so that the use of Microsoft services can be GDPR compliant. The presentation shows that Microsoft Office collects “secretly” the behavioral data from 300,000 government workplaces, from ministries and police to jurisprudence and supervisors.
According to the researchers, it is also unclear which data Microsoft stores and collects about the behavior of users. It is clear, however, that large-scale processing of personal data is of a sensitive nature, according to the researchers.
Download the Dutch rapport at: https://www.rijksoverheid.nl/binaries/rijksoverheid/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office/DPIA+Microsoft+Office+2016+and+365+-+20191105.pdf