fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " Microsoft "

EU contracts with Microsoft raising ‘serious’ data concerns

Europe’s chief data protection watchdog has raised concerns over contractual arrangements between Microsoft and the European Union institutions which are making use of its software products and services.

The European Data Protection Supervisor (EDPS) opened an enquiry into the contractual arrangements between EU institutions and the tech giant this April, following changes to rules governing EU outsourcing.

Though the investigation is still ongoing, preliminary results reveal serious concerns over the compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutions using its products and services.

Source: EU contracts with Microsoft raising ‘serious’ data concerns, says watchdog | TechCrunch

Study reveals cyber exposure through Microsoft products

Vulnerability assessment specialists, Intruder, today announced its research team has discovered that organisations including almost 40% of the FTSE 100, are affected by little-known user enumeration flaws in a range of popular Microsoft products.

The research uncovered that over 13,000 Skype for Business servers on the internet are vulnerable, potentially exposing an organisation’s internal Windows network to Denial of Service (DOS) and credential guessing attacks.

Source: #privacy: Study reveals UK cyber exposure through Microsoft products

Dutch regulator sees potential privacy breach in Microsoft Windows

Microsoft is remotely collecting data from users of Windows Home and Windows Pro, in a potential breach of privacy rules, the Dutch Data Protection Agency (DPA) said on Tuesday.

The DPA said it had found the practices while it was testing privacy protection changes in Windows made last year by Microsoft at the agency’s request.

Source: Dutch regulator sees potential privacy breach in Microsoft Windows – Reuters

Contractors at Microsoft eavesdrop on some Skype calls

Amazon and Google have been in the headlines recently over how the tech giants’ workers eavesdrop on the audio footage picked up by smart assistants. Now Microsoft has explaining to do following reports that its employees listen in on real Skype conversations that have gone through translation software processing.

People contracted to work with Microsoft take dialogues in for review as a means of translation quality control. No mention of this surveillance appears in Skype’s terms and conditions.

Source: Contractors at Microsoft eavesdrop on some Skype calls

New DPIA on Microsoft Office and Windows software: still privacy risks remaining

Three new DPIAs, which Privacy Company has carried out for the central Dutch government, show that Microsoft has mitigated the eight previously identified privacy risks for Office 365 ProPlus through a combination of technical, organisational and contractual measures.

However, the new privacy conditions for the central Dutch government do not yet apply to the data processing via Windows 10 Enterprise or the mobile Office apps. Moreover, certain technical improvements that Microsoft has implemented in Office 365 ProPlus are not (yet) available in Office Online.

Therefore, SLM Rijk advises government institutions to, for the time being, refrain from using Office Online and the mobile Office apps, and to opt for the lowest possible level of data collection in Windows 10.

Full article: New DPIA on Microsoft Office and Windows software: still privacy risks remaining (long blog)

German schools ban Office 365 due to privacy concerns

The German state of Hesse has ruled it’s illegal for its schools to use Office 365 after years of debate over whether the country’s schools and institutions should use Microsoft tools at all.

The Hesse Office for Data Protection and Information Freedom says the standard configuration in Office 365 could potentially make students’ and teachers’ personal data available to US officials. In addition to the information that users provide when they’re working in Office 365, the platform sends telemetry data back to the US.

Source: German Schools Ban Office 365, Cite Privacy Concerns

You’re responsible for getting permission from subjects if you want to use Windows Photos’ facial recog feature

Microsoft has begun rolling out an update to the Photos app in Windows 10 that prompts you to confirm “all appropriate consents from the people in your photos and videos”, in order to use facial recog to find snaps of your friends and loved ones.

Microsoft has decided that additional safeguards are needed, and has come up with the notion that you should obtain “appropriate consents” from the people in your pictures.

Full article: You’re responsible for getting permission from subjects if you want to use Windows Photos’ facial recog feature • The Register

How Microsoft Plan to Empower Users to Own and Control Personal Data

Microsoft presented a vast blockchain-related plan: a decentralized identity (DID) network built atop of the bitcoin network, which can potentially empower users all over the internet to take control over their personal data and content.

Titled the Identity Overlay Network (ION), the infrastructure lets users obtain control over their own data via the management of their Public Key Infrastructure (PKI).

DID allows users to control their own data and content — including login details and photos, which is not currently possible on most social media platforms that store such data on their private, centralized servers.

Full article: Decentralized Identity: How Microsoft (and Others) Plan to Empower Users to Own and Control Personal Data

Microsoft working to support decentralised identity

Microsoft is among the big tech players aiming to help enable personalisation of products and services without putting privacy at risk.

Microsoft believes there are three important steps that will help to rebalance the equation, said Chik – first, enable individuals to bring their own identity; second, accept independently verified information from individuals; and third, recognise individuals as data controllers.

Source: Microsoft working to support decentralised identity

EU to check for GDPR violations in Microsoft’s contracts with EU institutions

The European Data Protection Supervisor (EDPS), the European Union’s data protection watchdog, has started an investigation into Microsoft’s contracts with EU institutions.

The investigation will focus on the contracts EU institutions have signed with Microsoft and if clauses in these contracts comply with the EU’s new data protection regulation -also known as the General Data Protection Rules (GDPR).

Source: EU to check for GDPR violations in Microsoft’s contracts with EU institutions | ZDNet

1 2 3 5
>