Germany's federal and state data protection authorities (DSK) have raised concerns about the compatibility of Microsoft 365 with data protection laws in Germany and the wider European Union.
According to the
German watchdog's report [PDF], which was written after two years of negotiations with Microsoft, the body says that the product "remains in breach" of the General Data Protection Regulation (GDPR).
The 2020 working group was put together to bring the cloud service into line with the Schrems II decision of the European Court of Justice – and relates to ongoing European concerns about cloud data sovereignty, competition, and privacy rules.
Under the GDPR, children below the age of 13 are incapable of consenting to their data being collected, while consent may be given by those with parental responsibility for those under 16 but not younger than 13. When platforms do store data on adults, those customers are meant to be able to request the deletion of their records.
The report adds (translated from the German): "Many of the services included in Microsoft 365 require Microsoft to access the unencrypted, non-pseudonymized data."
The DSK report means the office suite is therefore not suitable for legally compliant use in schools or public authorities in Germany, although it won't affect use by businesses or consumers.
www.theregister.com
