Skip to main content
  1. Home
  2. Computing
  3. News

Office 365 has been banned from German schools due to privacy concerns

Add as a preferred source on Google
Microsoft surface
Microsoft Image Gallery/Microsoft

Cloud-based productivity apps aren’t exactly the kinds of apps you’d normally think were deserving of being banned from a school. But a few schools in Germany have done just that, and Microsoft’s Office 365 is the target.

According to TNW, German state Hesse has found that Office 365’s current configuration isn’t compliant enough with the European Union’s new General Data Protection Regulation (GDPR) guidelines to be utilized in German schools.

Recommended Videos

On July 9, a statement on the legality of using Office 365 in German schools, was published online by the Hessian commissioner for data protection and freedom of information. According to a translated version of that statement, the first concern with using Office 365 in German public schools is that using the cloud service also involves schools having to store the personal data of children in a European cloud, which could, in turn, be accessible “by U.S. authorities.”

As TNW notes, this particular issue came about because initially, such schools used to store this personal data in a German data center until Microsoft shut that center down in 2018. As a result, the storage of that data was moved to a European data center that may allow U.S. authorities access to that information.

And the other concern is that like Windows 10, Office 365 transmits “a wealth of telemetry data” to Microsoft and, as the Commissioner notes, Microsoft hasn’t clarified the exact nature of the content of that data “despite repeated inquiries.” TNW also noted that this telemetry data can contain personal information such as “user content from Office applications” or even email subject lines in addition to software diagnostic data. And collecting this kind of personal data is illegal according to the EU’s GDPR guidelines. The only possible loophole is asking for individual consent for the collection of this data, but since kids can’t provide that consent, collecting this data from their usage of Office 365 is still illegal.

It is essentially because of these issues, that the commissioner has ruled that Office 365 and Windows 10 cannot be used in schools since they aren’t GDPR compliant.

In addition, the Commissioner also said that the use of Google and Apple cloud services aren’t acceptable alternatives to using Office 365 in German public schools because those services suffer from the same issues and are just as noncompliant, citing a lack of transparency. Instead, the commissioner has advised that schools use local, “on-premises” software versions of Microsoft Office apps until cloud services like Office 365 become GDPR compliant.

On July 16, Microsoft did issue its own statement to TNW regarding the Office 365 privacy concerns. In the statement, Microsoft emphasized its own efforts to be more transparent about its data collection, its efforts to allow customers to have more control over their data, and expressed an interest in working with the commissioner directly to address its concerns:

“We routinely work to address customer concerns by clarifying our policies and data protection practices, and we look forward to working with the Hessian Commissioner to better understand their concerns. When Office 365 is connected to a work or school account, administrators have a range of options to limit features that are enabled by sending data to Microsoft. We recently announced (here and here), based on customer feedback, new steps towards even greater transparency and control for these organizations when it comes to sharing this data. In our service terms we document the steps we take to protect customer data, and we’ve even successfully sued the U.S. government over access to customer data in Europe. In short, we’re thankful the commissioner raised these concerns and we look forward to engaging further with the Commissioner on its questions and concerns related to Microsoft’s offerings.”

Anita George
Anita George has been writing for Digital Trends' Computing section since 2018. So for almost six years, Anita has written…
South Korea wants to give every citizen free, unlimited access to its own AI chatbot
The government-backed service could turn generative AI into public infrastructure instead of another monthly subscription
Electronics, Mobile Phone, Phone

South Korea wants to give every citizen free access to an AI chatbot with no usage limits. That puts the technology closer to a public utility than another premium service demanding a monthly subscription.

The Ministry of Science and ICT announced the AI for Everyone project on July 13. Private companies will build the platform around locally developed models, while a separate AI agent will help people navigate government services. It’s a more practical job than generating emails or settling arguments nobody wanted to research themselves.

Read more
Falling in love with a chatbot is now off limits for kids in China
The crackdown targets emotional AI relationships as regulators worry about the country's record low birthrate.
Replika AI companion app on an iPhone in hand

Ever since AI chatbots arrived on the scene, there has been one aspect that has worried lawmakers and experts a lot: humans forming emotional connections with chatbots. There have been plenty of cases where over-reliance on these AI companions or partners has resulted in medical emergencies, lost lives, and triggered multiple lawsuits against the likes of OpenAI and Meta.

China cracks down on AI companion apps

Read more
Russian hackers keep finding their way into critical networks through neglected routers
A multinational warning says outdated firmware, weak passwords, and insecure settings are giving state-backed attackers an easy opening
A Wi-Fi router next to a laptop.

Russian state-backed hackers have spent more than a decade exploiting a stubborn weakness in critical infrastructure networks. Organizations are still leaving poorly configured and outdated routers exposed to the internet.

In a joint cybersecurity advisory, the NSA, CISA, FBI, and international partners warn that hackers linked to Center 16 of Russia’s Federal Security Service are continuing to target vulnerable networking equipment. Energy, healthcare, and government networks are among the sectors facing the highest risk.

Read more