Microsoft has once again run into problems with European data regulators after the Dutch Ministry of Justice and Security has declared Microsoft’s mobile Office apps persona non grata for government use.

They commissioned a report from the Privacy Company who found that while Microsoft’s desktop Office 365 ProPlus applications respected GDPR rules Microsoft’s mobile apps and Office Online apps still exported user telemetry data to the USA without proper data controls.

Microsoft had earlier worked with the Dutch government in 2018 to make their desktop apps, used by 30,000 government workers,  compliant with European privacy rules after it was found the apps gathered and exported telemetry data such as email addresses and translation requests to the USA.

While this issue has been addressed the mobile apps have not been modified.

“Moreover, certain technical improvements that Microsoft has implemented in Office 365 ProPlus are not (yet) available in Office Online,” Privacy Company said, noting “from at least three of the mobile apps on iOS, data about the use of the apps are sent to a US-American marketing company that specializes in predictive profiling.”

The Dutch government has once again approached Microsoft to fix the issue, but in the meantime advised that government institutions avoid Office Online and the Office mobile apps.

Two weeks ago the Commissioner for Data Protection and Freedom of Information in the German state Hesse declared that Windows 10 and Office 365 was not compliant with the GDPR for use in schools for much the same reason.

While Microsoft has not responded to request for comments, they had earlier said they are committed to working with customers and governments in the EU to make their products compliant.

Via The Register

Comments