Three new DPIAs, which Privacy Company has carried out for the central Dutch government, show that Microsoft has mitigated the eight previously identified privacy risks for Office 365 ProPlus through a combination of technical, organisational and contractual measures.
However, the new privacy conditions for the central Dutch government do not yet apply to the data processing via Windows 10 Enterprise or the mobile Office apps. Moreover, certain technical improvements that Microsoft has implemented in Office 365 ProPlus are not (yet) available in Office Online.
Therefore, SLM Rijk advises government institutions to, for the time being, refrain from using Office Online and the mobile Office apps, and to opt for the lowest possible level of data collection in Windows 10.
Full article: New DPIA on Microsoft Office and Windows software: still privacy risks remaining (long blog)