The state of Hesse in central Germany is banning schools from using the famous office suite Microsoft Office 365! According to a notice from the Office of Data Protection in Hesse, the Office 365 cloud platform will reveal personal information of students and teachers and "America will be able to retrieve this information."
It sounds like this is an attack on Europe by the United States with concerns about privacy data but the fact that the Office of Data Protection and Freedom of Information in the state of Hesse is the result. After years of internal debate about whether to allow schools and institutes in Germany to use Microsoft software. Besides the detailed data that users provide when using the platform, Office 365 also sends other types of remote data to the US.
Last year, Dutch investigators discovered that data sent could include everything from software diagnostic information to content within Office 365 applications such as in-text sentences. copy, email. They all violate the General Data Protection Regulation (GDPR) enacted by Europe in May 2018. The German Federal Information Security Office also shows similar concerns about Remote data types are exploited by the Windows operating system.
In fact, in 2017, due to concerns about private data in Germany, Microsoft invested millions of dollars in a cloud service in Germany and the state of Hesse at that time said local schools could using Office 365. "If the German data is still in Germany, everything will be fine" according to the commissioner of the State of Hesse Data Protection – Michael Ronellenfitsch.
However, in August 2018, Microsoft decided to close the cloud service in Germany and once again, data from Office 365 users in the country was transmitted across the Atlantic to the United States. Accompanying many US laws, such as the CLOUD Act cloud computing law in 2018 and the US Freedom Freedom Act 2015, also allow Washington to request access to data from technology companies.
A university in Hesse.
Talking to ZDNet, Max Schrems, an Austrian digital rights advocate, said he submitted the case to the highest court in Europe. He said students often do not speak up and "if data is sent to Microsoft servers in the US, it will be governed by US surveillance laws. This is illegal under European law."
Even if it is not sent to the US, public institutions in Germany such as schools will have specific responsibilities with the personal data of each student and teacher as well as ensuring transparency about this, explains Ronellenfitsch.
Although the German and Microsoft authorities are conducting many discussions, it is difficult to enforce data responsibilities as suggested by Ronellenfitsch. A Microsoft spokesperson said: "We are grateful to the trustees in Hesse for addressing privacy concerns and we look forward to working with the authorities to better understand the term. their interest. "
The Microsoft representative also pointed out that Microsoft has sued the US government to protect data users and IT administrators at schools and offices can limit the type of information sent to Microsoft. However, the transmission of information cannot be completely disabled.
Schools are not the only public unit that suspects Microsoft. Earlier this year, Vitako – the association of IT service providers for German cities also complained that local councils using Office 365 meant the risk of personal information of every German citizen. from driving license to marriage certificate will be sent to the US.
One of the IT administrators from Cologne said that with the cost of buying a license, users would expect a less manageable and more secure product instead of a risk to residential community.
In 2018, the German ministries and federal agencies spent nearly 73 million EUR to buy Microsoft software licenses, exceeding the budget by 26 million EUR and the possibility of this is the license renewal fee. used.
And in fact, this is part of a long-term effort to protect data against the risk of leaking toward the US or China in the wake of calls for data sovereignty. But "We have to reconsider this and invest in the right place," said Andreas Koenen, a member of the German Ministry of the Interior, at a seminar on domestic cloud services in Berlin earlier this year and Koenen. think they are dealing with the problem under political pressure.
Going back to the case of Office 365, it is likely that there will be legal action after the Austrian activist filed a lawsuit in the highest court in Europe. Max Schrems won a similar incident in 2015, reversing the Safe Habor agreement – a transfer agreement to manage data between the US and Europe replaced by the Privacy Shield Act in 2016. This time, the case will continue to challenge the Privacy Shield law as well as be able to resist what is known as the Standard Contract Terms currently managing transatlantic data rotation. Part of the data sent to Microsoft servers is also being controlled by this clause and the outcome of the lawsuit can disrupt the global flow of data on a large scale.
Currently students in central Germany will have to follow instructions from the Privacy Data Office in Hesse, ie use alternative software while waiting for feedback from Microsoft.