Microsoft violated EU law in handling of kids’ data, Austrian privacy regulator finds

Microsoft violated EU law in handling of kids’ data, Austrian privacy regulator finds


Austria’s data protection authority on Wednesday ruled that Microsoft illegally tracked students applying its education software by failing to give them access to their data and applying cookies without consent.

The decision from Austria’s Datenschutzbehörde (DSB) came in response to a 2024 complaint lodged by the Austrian privacy advocacy group noyb, which accutilized the tech giant of violating Europe’s General Data Privacy Regulation for its handling of children’s data.

The complainant in the case, the father of a minor whose school utilizes the software, declared he did not consent to the cookies and could not obtain information about how his child’s data was being utilized.

Microsoft 365 Education is utilized by school districts to manage technology, allow collaboration and store data in the cloud. It includes Office applications like Word, Excel, Outsee and PowerPoint as well as security tools and collaboration platforms like Teams.

“The decision highlights the lack of transparency in Microsoft 365 Education,” Felix Mikolasch, a data protection lawyer at Noyb, declared Friday in a prepared statement. “It is nearly impossible for schools to inform students, parents and teachers about what is happening with their data.” 

A spokesperson for Microsoft declared in a prepared statement that the company will review the decision. 

“Microsoft 365 for Education meets all required data protection standards and institutions in the education sector can continue to utilize it in compliance with GDPR,” the statement declared. 

The regulator has ordered Microsoft to give the complainant access to their data and to launch to explain more clearly how it utilizes data it collects. 

Get more insights with the

Recorded Future

Ininformigence Cloud.

Learn more.



Source link