Microsoft online assessment8/16/2023 ![]() ![]() ![]() Microsoft collects the diagnostic data in several ways, via system-generated event logs on its own servers, and via the so-called telemetry client in the mobile Office apps. The DPIA identifies the risks of diagnostic data processing via the five most commonly used applications expected: Word, PowerPoint, Outlook, Excel, and Teams in combination with the use of Connected Experiences such as the spell checker, use of the cloud storage services SharePoint Online, and OneDrive for Business connected to Office, the cloud identity service (Azure Active Directory), and the online mail server (Exchange Online). This DPIA concerns the last two versions of the software: Office for the Web and the mobile Office apps. The software can be installed on the computers and laptops of data subjects (Office 365 ProPlus), installed on smartphones, and tablets (mobile Office apps for iOS and Android), and as online applications that run in a browser (Office for the Web, formerly also called Office Online). The Office 365 software can be used in three ways. However, the improvements are explicitly not equal to these terms. These improvements are inspired by the specific new privacy terms negotiated by the Dutch government. See the Online Service Terms with separate Data protection Addendum of April and January 2020 respectively. In January 2020, Microsoft implemented global improvements of its privacy terms for its online Enterprise and Business services. Microsoft mistakenly believed that the new privacy terms negotiated by the State did not apply to all data processing via the mobile Office apps. However, the DPIA on Office for the Web and the mobile Office apps (published 23 July 2019) showed that Microsoft did not yet implement these measures for the browser and app versions of the software. ![]() Three DPIAs (Data Protection Impact Assessments) that Privacy Company conducted for the Dutch government in May and June 2019 showed that Microsoft had remedied the eight previously identified privacy risks for Office 365 ProPlus (the version of Office that you install on desktops, and laptops) through a combination of technical, organisational, and contractual measures. ![]() According to these new privacy terms, Microsoft only acts as a data processor for all its online services, processes personal data for only three well defined and limited purposes, does not process the personal data for profiling, data analytics, market research or advertisements, and grants effective audit rights to the Dutch government. This concerns the Enterprise versions of the Office software that are used by the ministries, the Tax and Customs Administration, the police, the judiciary, and independent administrative bodies. In May 2019, SLM Microsoft Rijk concluded new privacy terms with Microsoft for the 300,000 digital workstations of the Dutch government. įor questions about the research, please contact SLM Rijk (StrategischLeveranciersmanagement Microsoft Rijk), which can be contacted via the Ministryof Justice’s press spokesperson, +31 (0)70 370 73 45. This blog is about the browser version, and the app version of Office 365. With the Ministry’s permission, we are publishing two blog posts about our findings. Privacy Company also assessed the privacy risks of Microsoft’s corporate Intune software, which allows system administrators, amongst others, to encrypt information on users' devices. On behalf of the Dutch Ministry of Justice and Security, Privacy Company conducted a repeat assessment of the privacy risks of the browser version of Microsoft Office 365, and the Office apps for iOS and android mobile phones. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |