Oh boy, here we go again! Microsoft has come under criticism for collecting and storing personal data about the behavior of individual employees on a large scale, without any public documentation.
These are the alarming findings of a Data Protection Impact Assessment (DIPA) commissioned by the Dutch government to guide its institutions in their dealings with Microsoft’s enterprise software, including 300,000 workstations in ministries, the judiciary, the police, tax authorities and more.
The report revealed that the global computing giant was in with a covert and systematic collection of data from users of its enterprise software.
And not only just the company gathers a ton of data on employees using its software without letting them know, it also does not provide the option to opt out:
“Microsoft does not offer any choice with regard to the amount of data, or possibility to switch off the collection, or ability to see what data are collected, because the data stream is encoded.”
This is an even bigger concern as the Redmond based company is pushing more and more services off premise, as part of its cloud push.
Dutch governmental institutions have, up until now, have stored their data locally, in their own datacenters. But that is soon about to change, as authorities are conducting pilots with storing data on the Microsoft cloud, as well as platforms like SharePoint and OneDrive.
The technology titan had previously been sending this data out of Europe to datacenters in the US, but it had since moved its collection back to the continent to comply with the GDPR regulations introduced this year.
The Privacy Company has some recommendations for the administrators of enterprise versions of Microsoft software to lower the privacy risk for employees and other users.
Including the drastic steps of centrally prohibiting the use of connected services and not using SharePoint and OneDrive.
Meanwhile, Microsoft has said that it is committed to finding a solution to the concerns raised in this report, and will work out ways to put users in control of their data and to ensure that its software comply with all applicable laws.