Microsoft products do not comply with German data protection laws!

M.Sc. Jan Hörnemann

Microsoft products do not comply with German data protection laws!

Microsoft products have become an integral part of most companies and schools. Due to the Corona pandemic, Microsoft teams in particular gained users in addition to the usual products, such as Microsoft Word or Microsoft Power Point. At the data protection conference, data protection activists from Germany have now announced that Microsoft products do not comply with data protection laws in Germany.

Dependence on Microsoft products

A market analysis commissioned by the Federal Ministry states that approx. 96% of all German authorities use Microsoft products. This dependency could already have increased due to Corona, because many companies but also schools had to offer home office. With the product Microsoft-Teams Microsoft provides a product which contains many things which are needed for a successful home office. These include the ability to conduct video conferences, an integrated chat but also the possibility to share files quickly and easily with colleagues.

If the dependence on this American company continues to grow, it will become more and more difficult to establish a solution that is compliant with data protection. This is because a group of data protection specialists from Germany have been sifting through and evaluating contracts and documents agreed between German authorities and Microsoft. The result of this investigation is that no data protection-compliant use of Microsoft 365 is possible.

The fact that many authorities use Microsoft products without checking the requirements for data protection is particularly criticized. Microsoft products and data protection are a well-known topic, but the group is particularly critical of the passing on of data to third parties!

Microsoft products and the data protection problem: no unanimity

According to mirror information all state data protection officers agree that in this case, quick action must be taken before the dependency becomes too great. All but Bavaria agree with this opinion. The investigation of the data protection group is legally questionable. These doubts were communicated by the data protection authority of Bavaria in a circular mail and thus opposed the publication, but it should be mentioned that the headquarters of Microsoft Deutschland GmbH is located in Munich.

Even the EU expresses legal doubts about Microsoft products and data protection. In a report by the European Data Protection Commissioner, initial investigations have already been conducted at EU level.

It remains to be seen what the results and consequences will be of future investigations. But the issue between Microsoft products and data protection, both in Germany and in the EU, is far from over.

Photo of author

M.Sc. Jan Hörnemann

Hello dear reader, my name is Jan Hörnemann. I am a TeleTrust Information Security Professional (T.I.S.P.) and have been dealing with information security topics on an almost daily basis since 2016. CeHv10 was my first hands-on certification in the field. With a Master of Science degree in Internet Security, I have learned about many different aspects and try to share them in live hacking shows as well as on our blog. In addition, I am active as an information security officer and have been qualified by TÜV for this activity (ISB according to ISO 27001)