Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Microsoft Office
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== Privacy === On November 13, 2018, a report initiated by the Government of the Netherlands concluded that [[Microsoft Office 2016]] and Office 365 do not comply with [[General Data Protection Regulation|GDPR]], the European law which regulates data protection and privacy for all citizens in and outside the EU and [[European Free Trade Association|EFTA]] region.<ref>{{Cite web |title=Impact assessment shows privacy risks Microsoft Office ProPlus Enterprise - Blogpost |url=https://www.privacycompany.eu/blogpost-en/impact-assessment-shows-privacy-risks-microsoft-office-proplus-enterprise |url-status=live |archive-url=https://web.archive.org/web/20210216085843/https://www.privacycompany.eu/blogpost-en/impact-assessment-shows-privacy-risks-microsoft-office-proplus-enterprise |archive-date=February 16, 2021 |access-date=March 26, 2021 |website=www.privacycompany.eu}}</ref> The investigation was initiated by the observation that Microsoft does not reveal or share publicly any data collected about users of its software. In addition, the company does not provide users of its (Office) software an option to turn off diagnostic and [[telemetry]] data sent back to the company. Researchers found that most of the data that the Microsoft software collects and "sends home" is diagnostics. Researchers also observed that Microsoft "seemingly tried to make the system GDPR compliant by storing Office documents on servers based in the EU". However, they discovered the software packages collected additional data that contained private user information, some of which was stored on servers located in the US.<ref>{{Cite web |last=Netherlands Ministry of Justice |title=Data Protection Impact Assessment (DPIA) Microsoft Office 2016 and 365 |url=https://www.rijksoverheid.nl/binaries/rijksoverheid/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office/Update+on+negotiations+between+Dutch+central+government+and+Microsoft+on+GDPR+compliance+November+7.pdf |url-status=dead |archive-url=https://web.archive.org/web/20190623094153/https://www.rijksoverheid.nl/binaries/rijksoverheid/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office/Update+on+negotiations+between+Dutch+central+government+and+Microsoft+on+GDPR+compliance+November+7.pdf |archive-date=June 23, 2019 |access-date=June 24, 2019}}</ref> The [[Ministry of Justice and Security|Netherlands Ministry of Justice]] hired Privacy Company to probe and evaluate the use of Microsoft Office products in the public sector.<ref name="The Register" /> "Microsoft systematically collects data on a large scale about the individual use of Word, Excel, PowerPoint, and Outlook. Covertly, without informing people", researchers of the Privacy Company stated in their blog post. "Microsoft does not offer any choice with regard to the amount of data, or possibility to switch off the collection, or ability to see what data are collected, because the data stream is encoded."<ref>{{Cite web|title=The impact assessment shows privacy risks in Microsoft Office ProPlus Enterprise |url=https://www.privacycompany.eu/en/impact-assessment-shows-privacy-risks-microsoft-office-proplus-enterprise/ |url-status=live |archive-url=https://web.archive.org/web/20181128164531/https://www.privacycompany.eu/en/impact-assessment-shows-privacy-risks-microsoft-office-proplus-enterprise/ |archive-date=November 28, 2018 |access-date=November 28, 2018}}</ref> The researchers commented that there is no need for Microsoft to store information such as IPs and email addresses, which are collected automatically by the software. "Microsoft should not store these transient, functional data, unless the retention is strictly necessary, for example, for security purposes", the researchers conclude in the final report by the Netherlands Ministry of Justice.<ref>{{Cite web |last=Netherlands Ministry of Justice |title=Data Protection Impact Assessment (DPIA) Microsoft Office 2016 and 365 |url=https://www.rijksoverheid.nl/binaries/rijksoverheid/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office/Update+on+negotiations+between+Dutch+central+government+and+Microsoft+on+GDPR+compliance+November+7.pdf |url-status=dead |archive-url=https://web.archive.org/web/20190623094153/https://www.rijksoverheid.nl/binaries/rijksoverheid/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office/Update+on+negotiations+between+Dutch+central+government+and+Microsoft+on+GDPR+compliance+November+7.pdf |archive-date=June 23, 2019 |access-date=June 24, 2019}}</ref> As a result of this in-depth study and its conclusions, the Netherlands regulatory body concluded that Microsoft has violated GDPR "on many counts" including "lack of transparency and purpose limitation, and the lack of a legal ground for the processing."<ref>{{Cite web |last=Netherlands Ministry of Justice |title=Data Protection Impact Assessment (DPIA) Microsoft Office 2016 and 365 |url=https://www.rijksoverheid.nl/binaries/rijksoverheid/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office/Update+on+negotiations+between+Dutch+central+government+and+Microsoft+on+GDPR+compliance+November+7.pdf |url-status=dead |archive-url=https://web.archive.org/web/20190623094153/https://www.rijksoverheid.nl/binaries/rijksoverheid/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office/Update+on+negotiations+between+Dutch+central+government+and+Microsoft+on+GDPR+compliance+November+7.pdf |archive-date=June 23, 2019 |access-date=June 24, 2019}}</ref> Microsoft has provided the Dutch authorities with an "improvement plan" that should satisfy Dutch regulators that it "would end all violations". The Dutch regulatory body is monitoring the situation and states that "If progress is deemed insufficient or if the improvements offered are unsatisfactory, SLM Microsoft Rijk will reconsider its position and may ask the [[Dutch Data Protection Authority]] to carry out a prior consultation and to impose enforcement measures."<ref>{{Cite web |title=Data Protection Impact Assessment op Microsoft Office |date=November 7, 2018 |url=https://www.rijksoverheid.nl/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office |url-status=live |archive-url=https://web.archive.org/web/20190524051346/https://www.rijksoverheid.nl/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office |archive-date=May 24, 2019 |access-date=June 24, 2019 |language=nl}}</ref> When asked for a response by an IT professional publication, a Microsoft spokesperson stated: "We are committed to our customers’ privacy, putting them in control of their data and ensuring that Office ProPlus and other Microsoft products and services comply with GDPR and other applicable laws. We appreciate the opportunity to discuss our diagnostic data handling practices in Office ProPlus with the Dutch Ministry of Justice and look forward to a successful resolution of any concerns."<ref name="The Register">{{Cite web |last=The Register |title=Microsoft menaced with GDPR mega-fines in Europe for 'large scale and covert' gathering of people's info via Office |website=[[The Register]] |url=https://www.theregister.co.uk/2018/11/16/microsoft_gdpr/ |url-status=live |archive-url=https://web.archive.org/web/20190624154253/https://www.theregister.co.uk/2018/11/16/microsoft_gdpr |archive-date=June 24, 2019 |access-date=June 24, 2019}}</ref> The user privacy data issue affects ProPlus subscriptions of Microsoft Office 2016 and Microsoft Office 365, including the online version of Microsoft Office 365.<ref>{{Cite web |last=Netherlands Ministry of Justice |title=Data Protection Impact Assessment (DPIA) Microsoft Office 2016 and 365 |url=https://www.rijksoverheid.nl/binaries/rijksoverheid/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office/Update+on+negotiations+between+Dutch+central+government+and+Microsoft+on+GDPR+compliance+November+7.pdf |url-status=dead |archive-url=https://web.archive.org/web/20190623094153/https://www.rijksoverheid.nl/binaries/rijksoverheid/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office/Update+on+negotiations+between+Dutch+central+government+and+Microsoft+on+GDPR+compliance+November+7.pdf |archive-date=June 23, 2019 |access-date=June 24, 2019}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)