Apple iWork and Google Docs were also censured in the ruling
German schools have banned cloud-based software from technology giants Microsoft, Google and Apple, amid concerns that user privacy is not being adequately upheld.
A review conducted by the Hesse Commissioner for Data Protection and Freedom of Information (HBDI) concluded that Microsoft Office 365 and Windows 10 are not suitable for use within the German state’s schools. A principal concern is that Microsoft stores its data in a European cloud which is penetrable by the US authorities. This is of particular importance due to the nature of the information being stored, with much of it being children’s data.
The investigative body’s second main qualm was with the extent of Microsoft’s data mining. The HBDI maintained that the Windows 10 operating system was sucking up lots of telemetry data and passing it on to Microsoft. When asked to disclose the nature of the data, the company reportedly refused, despite being asked to do so by authorities.
Microsoft’s Azure Deutschland presence in Germany began back in 2016, with the firm initially adhering to a “data trustee” model, in which third party Deutsche Telekom ensured via the provision of a private cloud that no data passed through the public internet. This meant that Microsoft did not have ready access to its customers’ data. It was against this backdrop that the HDBI permitted German schools to use Office 365 in August 2017.
One year on, Microsoft withdrew from the data trustee model it had established, reverting to its regular data centre model. This removed the safeguard between German data centres and the worldwide Azure cloud. Privacy concerns abounded in Germany, but schools continued to use Office 365 regardless. This drove HBDI to reassess the situation, which ultimately culminated in the ban.
HBDI was resolute in the ruling, warning that “The digital sovereignty of state data processing must be guaranteed”. As for how Microsoft can regain credit, seeking user consent has been deemed insufficient. If users can’t be sure what data Microsoft is taking from them or how the company will use it, the consent given rests on shaky grounds. Microsoft needs to overhaul its approach to third-party data access and Microsoft Office 365/Windows 10 telemetry, HBDI advises, before it can re-enter the market.