GDPR Breach Complaint on Microsoft Office Under Investigation


Microsoft Office is under review by Dutch investigators due to complaints of the EU’s General Data Protection Regulations (GDPR) violation. Allegedly, Microsoft’s software is gathering data which includes the content of personal emails.

The investigators of the alleged breach reported that they discovered Microsoft Office was gathering personal information on a large scale. It is assumed that the company did not inform its users about this and user have not provided official consent.

A spokesman of Microsoft said that Microsoft is fully committed to the personal privacy of its customers. They make sure that users have control over their data when they use Office ProPlus or other Microsoft products and services as per the GDPR and other appropriate legislations. The company welcomed the opportunity given by the Dutch Ministry of Justice to talk about the handling procedures of diagnostic data for Office ProPlus and hope to successfully handle any issue.

Microsoft points out that the company only collects data functional and security reasons. However, the investigators stated they found out that Microsoft gathers information like email subject lines and content. At the beginning of 2018, Microsoft migrated its data collection to Europe as a result of complying with the GDPR. In past times, Microsoft carry out this task by exporting data from the data centers in EU to the US data centres.

Privacy Company is the consultancy agency that performed the review, which revealed that Microsoft was engaged in mass, secret processing of user data. As stated in the Ministry of Justice report, the Windows 10 Enterprise and Microsoft Office are collecting the data given by and about users and keeping them in their US database. This presented serious risks to users’ personal privacy.

As a reaction to these incidences, Microsoft agreed to develop an improvement plan for its products and services, which will be sent in for validation in April 2019. The company was provided some time to take care of the concerns in data processing or it might suffer massive penalties. Under the GDPR launched in May 2018, the penalty might be as high as €20 million or 4% of yearly global revenue for entities discovered gathering needless user data or for data breaches.

The review of Microsoft Office transpired because privacy advocates in the EU submitted complaints regarding the collection and processing of data by web-based companies like Facebook, Google and other social media related-organizations.