Microsoft Office data telemetry breaches GDPR, Dutch investigators rule

Chris Merriman
@ChrisTheDJ
15 November 2018

Tweet
Facebook
Send to

MICROSOFT IS FACING a huge fine this morning after Dutch investigators concluded that the company's data collection in its Office suite breaks European rules.

The report cites issues with the ProPlus subscription for the desktop suite and the web-based version of Office 365, which could mean the mega-corp is in breach of the EU's GDPR legislation which came into force in May.

The report, commissioned by the Dutch government, administered by SLM Rijk and cited by ZDNet, suggests that the telemetry collected during use of the package was not fully documented by Microsoft, nor was there an option to turn it off.

The issue isn't so much the regular telemetry, which even the report acknowledges is just a part of modern software. But Microsoft seems to be collecting subject lines from emails and full sentences that are run through a spelling and grammar checker or the translation tool.

In fact, in total 25,000 'events' are recorded and the data can be seen by up to 30 teams of engineers. Compare this with Windows 10 which collects 1,200 event types, shared with 10 engineering teams.

Yeah, it's still a lot, but compare the two - maaaaaan.

Microsoft is apparently working with the EU on a solution that meets criteria without leaving a mess. It has also pledged to provide the missing documentation, provide options for levels of collection and create a tool for sysadmins and users that will let them see exactly what dirt Microsoft has.

A lot of the collection items on the list are quite technical and for the tool to be much use, there will also need to be some sort of glossary or a plain English version of the listings.

GDPR has some serious teeth when it comes to the improper use of data with Microsoft potentially on the hook for up to two per cent of the company's annual revenue, a minimum of 10 million Euros. μ