A recent data protection impact assessment (DPIA) made by Privacy Company on behalf of the Dutch Ministry of Security and Justice found that another data scandal is afoot, with Microsoft collecting and storing data of its individual users without their knowledge.
“The results of this Data Protection Impact Assessment (DPIA) are alarming,” the report explained. “Microsoft collects and stores personal data about the behaviour of individual employees on a large scale, without any public documentation.” The Dutch government commissioned the report to help its 300,000 workstations nationwide understand how to best handle their relationship with Microsoft, according to The Next Web.
“Microsoft does not offer any choice with regard to the amount of data, or possibility to switch off the collection, or ability to see what data are collected, because the data stream is encoded,” the report continued. “Similar to the practice in Windows 10, Microsoft has included separate software in the Office software that regularly sends telemetry data to its own servers in the United States.”
The telemetry data issue is particularly worrisome, as the Dutch are planning on moving from storing their data locally to using Microsoft cloud programs SharePoint, OneDrive, and possibly the web-only version of Office 365. The DPIA finds that these new methods may have “high data protection risks for data subjects.”
The report does clarify that Microsoft is making adjustments to such privacy concerns such as a telemetry data viewer tool and a new “zero-exhaust setting.” Privacy Company recommends that admins of the enterprise version of Office ProPlus, particularly those in the Netherlands, should take the extra precautions of centrally prohibiting the use of Connected Services and the option for users to send personal data to Microsoft to ‘improve Office,’ not using SharePoint Online, OneDrive, or web-only version of Office 365, and applying the new zero-exhaust settings.