Microsoft Office 365 mobile apps have multiple security and privacy issues

Since its enter into force just over a year ago, multiple technology companies have had serious problems complying with the European Union General Data Protection Regulation (GDPR), which could have serious financial consequences an irreversible image damages, data protection specialists say.

Now, the Dutch Ministry of Justice and Security’s decision to suspend the use of Microsoft Office mobile applications was recently announced due to some GDPR non compliances.

According to data protection experts, the Dutch authorities, in collaboration with a privacy advisory firm, submitted a report whose main conclusion is that, despite the Microsoft Office desktop suite complies with the GDPR guidelines, office mobile apps and some online services do not have data privacy controls that are appropriate to the current cybersecurity and technological context.

Prior to the entry into force of GDPR, the Netherlands began working with Microsoft to make its desktop applications, used by more than 30k public employees, meet the new privacy standards in the European Union. It had previously been revealed that these desktop applications sent telemetry data (email addresses, search engine queries) to servers in the U.S.

“We found that at least three of Microsoft’s iOS applications send some data about their use to a US marketing company. In addition, some recent modifications that Microsoft recently released for Office 365 ProPlus are still not available for online platforms (Office Online),” the report mentions.

The Dutch government-issued instruction is that, at least for now, public institutions should avoid using Office Online and Microsoft Office mobile apps. The company is expected to contact the authorities to begin work on correcting this incident.

According to data protection specialists from the International Institute of Cyber Security (IICS), the company has made no changes to its mobile applications and online platforms.

This is just a new drawback for Microsoft in Europe. A few weeks ago, the Data Protection and Freedom of Information Commission in Hesse, Germany, banned the use of the Microsoft Office suite in government offices for reasons virtually identical to those argued by the Dutch government.

Microsoft has made no official statements about these incidents, although nearby sources claim that the company will be working with governments and data regulators in the European Union to correct these failures and make its products GDPR compliant.