IT security services specialists report that the German Commission for Data Protection and Freedom of Information has stated that Microsoft services Windows 10 and Office 365 systems do not meet sufficient requirements for use in academic institutions in the state of Hesse.
As reported, this decision has to do with the telemetry that these two cloud-connected services send to Microsoft headquarters in the U.S., ranging from standard software diagnostics to user content from internal applications (some documents’ sentences and email subject lines).
According to IT security services specialists, Microsoft used to send a special version of these applications, which stored the data in data centers in Europe. That permission ended a few days ago, so the data is been sent directly to Microsoft in the U.S.
The Information Commissioner of the State of Hesse mentioned that all public institutions in Germany have a special commitment to the permissibility and traceability of the processing of personal data.
“As soon as this potential access to our data is investigated in the cloud by third parties, as well as research on telemetry data, Office 365 may be used again at the academic institutions at Hesse”, the commissioner added.
The Commission mentioned that Microsoft’s cloud inconveniences also affected other IT services contracted by institutions in Germany, provided by companies such as Google and Apple. “So far these services have not been transparent, at the moment it is impossible to guarantee total privacy of information in Hesse schools,” the commission said.
IT security services experts at the International Institute of Cyber Security (IICS) mention that this mainly affects schools because, until Microsoft resolves the issues present in its cloud services, institutions will have to resort to the use of other software solutions. It is not yet known how the company will respond to this decision of the state of Hesse, most likely having to resort to the use of data centers in Europe.