Some items on our site have recently moved. Visit our News Hub for selected articles, special reports, podcasts and other resources.
Microsoft to be asked by German watchdogs to tighten Office 365 data protections
23 September 2020 14:46
Microsoft is to be asked by German watchdogs to improve its data-protection standards for its Office 365 program, MLex has learned. An umbrella group of authorities scrutinized the US giant's data processing and found a series of failings.
It comes after an audit into Microsoft's online service terms and data-protection provisions by a working group of the Datenschutzkonferenz — an association of Germany's 16 state data-protection regulators and the federal authority.
The audit found deficiencies in data-protection standards, including a lack of clarity on defining the data to be processed for different purposes, questions about the opportunities for data controllers to check technical and organizational measures as safeguards for personal data, as well as lapses in information on sub-processors.
Microsoft will now be asked to make improvements, MLex understands.
The investigation looked at the January 2020 version of Microsoft's Office 365 suite of creative and productivity tools for business, education and the home.
The use of Office 365 has raised concerns in Germany before. In August 2019, the 30 largest companies in the state of Bremen were asked to submit answers to a questionnaire about the use of the program in order to examine the security and legality of personal-data processing and transfers to the US.
In the state of Hesse, the local authority voiced concerns about the use of Office 365 in schools and the storage of personal data on servers with possible access by US authorities via its use, claiming that it doesn't comply with the admissibility and traceability of personal data under the EU's General Data Protection Regulation.
The move follows a decision by the EU’s highest court in July that invalidated the Privacy Shield mechanism for EU-US data transfers, citing a lack of protection for personal data arising from US domestic law.
The aim of the discussions between the German watchdogs and Microsoft will be to make adjustments in line with the court’s judgment, MLex understands.
No results found