German privacy regulator: Microsoft 365 continues to violate the GDPR – Informatica – News

You have to see such a report in its context, MS is a corporate player who has both governments and large corporations as clients, both of which can be very difficult and difficult in their audits.

As long as the conclusions are similar

For example, according to the DSK, the company unable to express himself clearly what personal data is collected and why.

So they say, but it’s too hard to say

For now, it would not be possible to use Microsoft’s 365 services without sending personal data to the United States.

Sounds worse, but what data are we talking about here? Such an audit will already be difficult if it’s just the name, which is a problem if a US company wants to call me on Teams, so my name will really need to be on a US server.

The DSK states that some data can still be viewed by Microsoft without encryption.

Again, it seems to me that this is more of a detail, some data (which may also be about your online status in Teams) which is not encrypted could be displayed if people really wanted to.

I can’t find the original report right away, Tweakers links to a summary but I remember a previous audit that weighed heavily on an admin’s ability to move a company-managed mobile device from “private” (BYOD) to “corporate” without that the user can prevent this, so that the administrator can find out what other apps have been installed on a BYOD device, but no more.

What I’m getting at is that as long as such heavy audits go as far as complaining about the details, it’s generally very good. This does not mean, of course, that some details cannot be important or are not justified, but such audits always lead to something.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recent News

Editor's Pick