Security Market Segment LS
Sunday, 14 July 2019 22:23

Microsoft Office 365 and Windows 10 barred from use in German schools

By

The Hessian Commissioner for Data Protection and Freedom of Information has said that the use of Office 365 and Windows 10 was illegal under local data protection laws.

Hesse is one of German's states and the State's Privacy Commissioner has warned that data stored in the cloud by Office 365 could be accessed in the US. In effect, personal information related to teachers and students would be in the cloud and available to US agencies.

Michael Ronellenfitsch, Hesse's data protection commissioner, stated that, even if such information was stored in European data centres, it remained "exposed to possible access by US authorities".

Ronellenfitsch said public institutions in Germany "have a special responsibility with regard to the permissibility and traceability of the processing of personal data."

Further, the German Federal Office for Information Security (BSI) noted that Windows 10 sends "a wealth of telemetry data to Microsoft." BSI requested Microsoft to advise them what data they take, but had received no response. Commentary suggested that data could include anything from standard software diagnostics to user content from inside applications, potentially sentences from documents and email subject lines, all of which contravenes the EU's General Data Protection Regulation (GDPR).

For the past couple of years, Microsoft has provided a localised version of Office 365, which for quite some time Ronellenfitsch had supported, stating in 2017 that schools could use Office 365, provided that they adhere to Germany's data protection laws. Recently, permission to use that local resource was rescinded, when all services were migrated back to US data centres.

Ronellenfitsch asserts that mere consent to the rules Microsoft provides is not sufficient, because the data remains compromised as the security and traceability remain dubious.

Ronellenfitsch adds, "As soon as, in particular, the possible third-party access to the data in the cloud and the issue of telemetry data have been resolved in a comprehensible and data protection-compliant manner, Office 365 can be used as a cloud solution by schools." (translation via Google Translate)

The full statement (in German) is available here

Buried in that statement is the observation (in German, translated using Google translate): "The HBDI is aware of the demands that vocational schools, in particular, make for the use of office packages. Therefore, there is also the interest to come together with Microsoft for a privacy-compliant solution. However, this is not up to HBDI or the other German supervisory authorities, but especially to Microsoft itself. As soon as the possible access of third parties to the data in the cloud as well as the topic of the telemetry data are reconciled and compliant with data protection, Office 365 can act as a cloud Solution can be used by schools. Until then, school can use other tools such as on-premise licenses on local systems."

Essentially, this statement is offering schools the option of Windows 7 and whatever stand-alone Office version they can purchase.

Further, the statement notes, "What is true for Microsoft is also true for the Google and Apple cloud solutions. The cloud solutions of these providers have so far not been transparent and comprehensibly set out. Therefore, it is also true that for schools, the privacy-compliant use is currently not possible." (grammar slightly edited for clarity).


Subscribe to ITWIRE UPDATE Newsletter here

Active Vs. Passive DWDM Solutions

An active approach to your growing optical transport network & connectivity needs.

Building dark fibre network infrastructure using WDM technology used to be considered a complex challenge that only carriers have the means to implement.

This has led many enterprises to build passive networks, which are inferior in quality and ultimately limit their future growth.

Why are passive solutions considered inferior? And what makes active solutions great?

Read more about these two solutions, and how PacketLight fits into all this.

CLICK HERE!

WEBINAR INVITE 8th & 10th September: 5G Performing At The Edge

Don't miss the only 5G and edge performance-focused event in the industry!

Edge computing will play a critical part within digital transformation initiatives across every industry sector. It promises operational speed and efficiency, improved customer service, and reduced operational costs.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

But these technologies will only reach their full potential with assured delivery and performance – with a trust model in place.

With this in mind, we are pleased to announce a two-part digital event, sponsored by Accedian, on the 8th & 10th of September titled 5G: Performing at the Edge.

REGISTER HERE!

BACK TO HOME PAGE
David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News