November 17, 2018
Dutch investigators are carrying out an inquiry after claims that Microsoft Office is in breach of the European Union General Data Protection Regulations in relation to the data the software has been collecting including the content of confidential electronic mails.
Those studying the alleged breach in the Netherlands have disclosed, during their search of Microsoft Office, that they exposed large-scale collection of private data. It is believed that users had not been informed that this was happening and had not provided official approval.
A Microsoft spokesman said: “We are dedicated to our customers’ secrecy, putting them in control of their data and making sure that Office ProPlus and other Microsoft products and facilities abide by GDPR and other applicable rules. We realize the chance to talk over our analytical data handling practices in Office ProPlus with the Dutch Ministry of Justice and look forward to a fruitful resolution of any troubles.”
The computing titan maintains that the data was gathered only for functional and safety purposes. Nevertheless, the abovementioned inquiry disclosed that Microsoft does gather data including electronic mail subject lines and extracts of content. Earlier this year Microsoft shifted its data gathering back to Europe in an attempt to abide by the General Data Protection Regulation. Earlier their procedure for achieving this was to export this data from the EU to data centers in the US.
The external consultancy that performed the inspection, Privacy Company, claimed that Microsoft involved in ‘large scale and clandestine handling of data’ relating to customers.
The report from the Ministry of Justice said: “Data delivered by and about users was being collected through Windows 10 Enterprise and Microsoft Office and saved in a database in the US in a way that posed main dangers to users’ secrecy.”
Microsoft, it was disclosed in the press release, had decided in October to start an improvement plan for its facilities. It said: “Microsoft has dedicated to submitting these modifications for confirmation in April 2019”. The business has been allowed some space to tackle the problems in the handling of data or it might be subjected to huge penalties. According to GDPR law, launched last May, firms can be penalized €20m of 4% of yearly international income if they are found to be collecting needless user data or for data breaches.
This comes as secrecy supporters throughout the EU have been submitting grievances to the related local data safety authorities in relation to data management and handling at Facebook, Google and a number of other Internet and social media related-businesses.