Legal Issues Microsoft 365 in German Civil Service: "Data Privacy Compliant Use Not Feasible"

30. September 2020 – Stefan Buschkühler
Microsoft 365 in German Civil Service: "Data Privacy Compliant Use Not Feasible"

Aside from the usual suspects such as Google and others, no other entities are likely to amass as many personal data as federal and state government agencies and other public institutions in Germany. The variety of confidential details kept in store by public authorities is truly enormous. It therefore stands to reason that collecting and handling these data have been subjected to strict regulations. Rules determine who may collect data for what purpose, how and for how long they may be stored, and under what circumstances they may be passed on. Whether or not all these rules are duly observed is under strict scrutiny of data security officers.

A software monopoly causing issues
So everything is all right, then? Not quite. For in all these administrations, a certain supplier's software product is used in a way virtually akin to a monopoly that is thwarting all the aforementioned citizens' data privacy efforts, or so a work group of Germany's Data Protection Conference concluded: Microsoft Office 365.

A recent article on netzpolitik.org (in German) elucidates this subject matter in detail. The main point of an internal paper prepared by a work group of data security officers from the federal and state governments sounds quite spectacular: "Data privacy compliant use of Microsoft Office is not possible."

A good way out isn't expensive either
A solution to this issue could be to hold the cloud platform's provider, which is Microsoft, accountable to a greater extent and to ensure that license agreements with Microsoft reflect all requirements of the German Federal Data Protection Act and violations are duly prosecuted. The work group's paper does not hold the German data protection authorities in very high esteem in this respect, however, characterising them as "underfunded, understaffed, and underqualified" for enforcing such requirements.

Fortunately, thzere is a different, exceedingly viable approach for solving this issue: By choosing to use pre-owned on-premises software licenses, public authorities would not only eliminate data communications with remote cloud servers, greatly enhancing control over the data contained in stored documents, but also benefit from enormous cost savings.

And who knows? Maybe the money saved this way could contribute a little to alleviating the bemoaned underfunding, understaffing, and underqualification at last.

Share Article