Since its enter into force just over a year ago, multiple technology companies have had serious problems complying with the European Union General Data Protection Regulation (GDPR), which could have serious financial consequences an irreversible image damages, data protection specialists say.
Now, the Dutch Ministry of Justice and
Security’s decision to suspend the use of Microsoft Office mobile applications
was recently announced due to some GDPR non compliances.
According to data protection experts, the Dutch
authorities, in collaboration with a privacy advisory firm, submitted a report
whose main conclusion is that, despite the Microsoft Office desktop suite
complies with the GDPR guidelines, office mobile apps and some online services
do not have data privacy controls that are appropriate to the current
cybersecurity and technological context.
Prior to the entry into force of GDPR, the
Netherlands began working with Microsoft
to make its desktop applications, used by more than 30k public employees, meet
the new privacy standards in the European Union. It had previously been
revealed that these desktop applications sent telemetry data (email addresses,
search engine queries) to servers in the U.S.
“We found that at least three of
Microsoft’s iOS applications send some data about their use to a US marketing
company. In addition, some recent modifications that Microsoft recently
released for Office 365 ProPlus are still not available for online platforms
(Office Online),” the report mentions.
The Dutch government-issued instruction is
that, at least for now, public institutions should avoid using Office Online
and Microsoft Office mobile apps. The company is expected to contact the
authorities to begin work on correcting this incident.
According to data protection specialists from
the International Institute of Cyber Security (IICS), the company has made no
changes to its mobile applications and online platforms.
This is just a new drawback for Microsoft in
Europe. A few weeks ago, the Data Protection and Freedom of Information
Commission in Hesse, Germany, banned the use of the Microsoft Office suite in
government offices for reasons virtually identical to those argued by the Dutch
Microsoft has made no official statements about
these incidents, although nearby sources claim that the company will be working
with governments and data regulators in the European Union to correct these
failures and make its products GDPR compliant.