Microsoft Violates GDPR by Covertly Collecting MS Office Data
NEWS

Microsoft Violates GDPR by Covertly Collecting MS Office Data

Would you be surprised to find out that Microsoft is not complying with the data collection rules established by the GDPR?

More specifically, at fault of breaking the EU regulations is the telemetry data collection mechanism utilized by Microsoft Office, as reported by Dutch authorities.




Large Scale Collection of Personal Data through Office 2016 and Office 365

Investigators outlined eight issues in ProPlus subscriptions of Office 2016 and Office 365, as they identified a “large scale and covert collection of personal data”. The covert data collection is possible thanks to MS Office’s built-in telemetry, and users are not aware of it. Furthermore, the authorities couldn’t find any official documentation outlining the type of data that is being collected. To top that off, they also didn’t find a way to turn off the telemetry.

This is a serious violation not only of GDPR but also of the privacy of all MS Office users.Not surprisingly, Microsoft is collecting diagnostics data which is considered a standard practice. But the real issue is located in the way that Office apps collect the content from users’ apps.

This type of data includes email subject lines, and whole sentences from documents collected by Microsoft’s translation and spellchecker tools.

Related:
he newly added monitoring elements are called Active monitoring and heartbeat, and it appears they are sending user data to CCleaner servers.
CCleaner v5.45 Introduces Data Collection with No Way to Opt-Out

The report also says that Microsoft’s telemetry system sent Dutch user data to US servers, thus creating a possibility for US law enforcement to seize the data.

This finding has made the Dutch government extremely concerned, as government-related information may have also been collected via the telemetry system, ending up on US servers. According to statistics, MS Office apps are used on more than 300,000 computers.

It is curious to note that the investigators discovered Office telemetry data collection is far more expensive than Windows 10 telemetry.

Apparently, Microsoft collects up to 25,000 types of Office events data which is accessible to at least 30 engineering teams. Windows 10, on the other hand, is said to collect not more than 1,200 event types, with this data being shared with approximately 10 engineering teams.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...