Microsoft could face multi-million dollar EU fine over covert data collection

Microsoft could face multi-million dollar EU fine over covert data collection
30 Nov 2018

Microsoft could face a multi-million dollar fine after secretly collecting data on how people in the European Union (EU) are using its Office products and storing the information on a server based in the US. 

The situation was revealed by the Dutch government, following an investigation over how Office applications handle data that is created by its employees. It concluded that the majority of information Microsoft collects is diagnostics data, most of which resides on EU servers. 

But IT Pro Portal reported that the software vendor also tracked and gathered additional information on about 25,000 types of 'events', such as what text was run through a translation or spell-checking service. Moreover, some of the data did not remain on EU soil.

Privacy Company, the researchers behind the report, said: "Microsoft systematically collects data on a large scale about the individual use of Word, Excel, PowerPoint and Outlook. Covertly, without informing people. Microsoft does not offer any choice with regard to the amount of data, or possibility to switch off the collection, or ability to see what data are collected, because the data stream is encoded." 

According to Security Boulevard, Microsoft is now cooperating with the authorities on the issue. The vendor said it was committed to addressing the problems referred to in the report in order to give users clear options to choose from. It also intends to release an overall improvement plan.

Emma Woollacott

Emma Woollacott is a freelance business journalist. Her work has appeared in a wide range of publications, including the Guardian, the Times, Forbes and the BBC.

OTHER ARTICLES THAT MAY INTEREST YOU

Getting to grips with GDPR data retention rules

GDPR: Tackling the new data processor regulations

GDPR: Data protection in the EU explained

 

 

Microsoft could face a multi-million dollar fine after secretly collecting data on how people in the European Union (EU) are using its Office products and storing the information on a server based in the US. 

The situation was revealed by the Dutch government, following an investigation over how Office applications handle data that is created by its employees. It concluded that the majority of information Microsoft collects is diagnostics data, most of which resides on EU servers. 

But IT Pro Portal reported that the software vendor also tracked and gathered additional information on about 25,000 types of 'events', such as what text was run through a translation or spell-checking service. Moreover, some of the data did not remain on EU soil.

Privacy Company, the researchers behind the report, said: "Microsoft systematically collects data on a large scale about the individual use of Word, Excel, PowerPoint and Outlook. Covertly, without informing people. Microsoft does not offer any choice with regard to the amount of data, or possibility to switch off the collection, or ability to see what data are collected, because the data stream is encoded." 

According to Security Boulevard, Microsoft is now cooperating with the authorities on the issue. The vendor said it was committed to addressing the problems referred to in the report in order to give users clear options to choose from. It also intends to release an overall improvement plan.

Emma Woollacott

Emma Woollacott is a freelance business journalist. Her work has appeared in a wide range of publications, including the Guardian, the Times, Forbes and the BBC.

OTHER ARTICLES THAT MAY INTEREST YOU

Getting to grips with GDPR data retention rules

GDPR: Tackling the new data processor regulations

GDPR: Data protection in the EU explained