IT security services specialists report that the German Commission for Data Protection and Freedom of Information has stated that Microsoft services Windows 10 and Office 365 systems do not meet sufficient requirements for use in academic institutions in the state of Hesse.
As reported, this decision has to do with the
telemetry that these two cloud-connected services send to Microsoft
headquarters in the U.S., ranging from standard software diagnostics to user
content from internal applications (some documents’ sentences and email subject
According to IT security services specialists,
Microsoft used to send a special version of these applications, which stored
the data in data centers in Europe. That permission ended a few days ago, so
the data is been sent directly to Microsoft in the U.S.
The Information Commissioner of the State of
Hesse mentioned that all public institutions in Germany have a special
commitment to the permissibility and traceability of the processing of personal
“As soon as this potential access to our
data is investigated in the cloud by third parties, as well as research on
telemetry data, Office 365 may be used again at the academic institutions at
Hesse”, the commissioner added.
The Commission mentioned that Microsoft’s cloud
inconveniences also affected other IT services contracted by institutions in
Germany, provided by companies such as Google
and Apple. “So far these services have not been transparent, at the moment
it is impossible to guarantee total privacy of information in Hesse
schools,” the commission said.
IT security services experts at the
International Institute of Cyber Security (IICS) mention that this mainly
affects schools because, until Microsoft resolves the issues present in its
cloud services, institutions will have to resort to the use of other software
solutions. It is not yet known how the company will respond to this decision of
the state of Hesse, most likely having to resort to the use of data centers in