Dutch Question Microsoft Over Office Data Telemetry Collection Violations under GDPR
The Netherlands Data Protection Authority has found that Microsoft Office is in violation of eight regulations in the European Union’s General Data Protection Regulation (GDPR), according to recent media reports. The concerns center around the built-in telemetry data collection mechanism of the product in ProPlus subscriptions of Office as well as the web-based version of Office 365.
The investigation by Dutch authorities has found that Microsoft engaged in large scale and covert personal data collection via Office 2016 and Office. They said that Microsoft did not properly inform users of its data collection, and did not provide a way to turn the collection off for its European visitors. The report also found that Dutch user data was sent to US servers.
The investigation indicated that Microsoft collected actual email subject lines and sentences from documents where its translation or spell check functions were used.
The Dutch government and Microsoft have been in contact about the report and Microsoft has already rolled out a setting for Office users to address two of the of the issues, according to the report. Microsoft has also said that it intends to be more transparent about the information it collects and provide more options to select their desired level of data collection, as well as a tool to provide visibility into the information collected.
The solutions are similar to actions taken by Microsoft to address privacy issues with Windows 10 telemetry in 2016. There has been no indication yet whether Microsoft will face a fine under GDPR for its violations.
Other Blog Posts on GDPR Enforcment:
More DPAs Issuing GDPR Fines and Warnings
EDPB Releases Guidelines on Territorial Scope of GDPR
EDPB Releases Comments on DPIA Requirements under Article 35.4
Austria Issues First GDPR Fine
Privacy Complaints Up in France after GDPR
ICO Threatens Max GDPR Fine to AggregateIQ
ULD DPA Issues Ban on Data Processing Under GDPR
Data Privacy Complaints Double in UK under GDPR
German DPA Circulates GDPR Compliance Survey
Contact Clarip for Help with Your Privacy Program
The Clarip privacy software and team are available to help improve privacy practices at your organization. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.
If you are working towards GDPR compliance, we can help through our modular GDPR software. Whether you are starting the process with GDPR data mapping automation, need privacy impact assessment software, or looking to meet ePrivacy requirements with cookie management software, Clarip can help strengthen your privacy program.
If CCPA compliance in 2020 is on your radar, ask us about our California Consumer Privacy Act software. Improve efficiency of responses to data subject access requests with our DSAR software, or provide the right to opt out of the sale of personal information with our consent management platform.
Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo and speak to a member of the Clarip team.