2020 / Uncategorized

Microsoft products do not comply with German data protection laws!

Microsoft products do not comply with German data protection laws!

Microsoft products have become an integral part of most companies and schools. Due to the Corona pandemic, Microsoft teams in particular gained users in addition to the usual products, such as Microsoft Word or Microsoft Power Point. At the data protection conference, data protection activists from Germany have now announced that Microsoft products do not comply with data protection laws in Germany.

Dependence on Microsoft products

A market analysis commissioned by the Federal Ministry states that approx. 96% of all German authorities use Microsoft products. This dependency could already have increased due to Corona, because many companies but also schools had to offer home office. With the product Microsoft-Teams Microsoft provides a product which contains many things which are needed for a successful home office. These include the ability to conduct video conferences, an integrated chat but also the possibility to share files quickly and easily with colleagues.

If the dependence on this American company continues to grow, it will become more and more difficult to establish a solution that is compliant with data protection. This is because a group of data protection specialists from Germany have been sifting through and evaluating contracts and documents agreed between German authorities and Microsoft. The result of this investigation is that no data protection-compliant use of Microsoft 365 is possible.

The fact that many authorities use Microsoft products without checking the requirements for data protection is particularly criticized. Microsoft products and data protection are a well-known topic, but the group is particularly critical of the passing on of data to third parties!

Microsoft products and the data protection problem: no unanimity

According to mirror information all state data protection officers agree that in this case, quick action must be taken before the dependency becomes too great. All but Bavaria agree with this opinion. The investigation of the data protection group is legally questionable. These doubts were communicated by the data protection authority of Bavaria in a circular mail and thus opposed the publication, but it should be mentioned that the headquarters of Microsoft Deutschland GmbH is located in Munich.

Even the EU expresses legal doubts about Microsoft products and data protection. In a report by the European Data Protection Commissioner, initial investigations have already been conducted at EU level.

It remains to be seen what the results and consequences will be of future investigations. But the issue between Microsoft products and data protection, both in Germany and in the EU, is far from over.

Photo of author

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.