"Microsoft shifted all responsibility to comply with privacy laws onto schools and national authorities - that have little to no actual control over the use of student data."
"this led to massive finger pointing: Microsoft simply referred the complainant to its local school."
"No one felt able to comply with GDPR rights."
"It is determined that Microsoft, as a controller, violated the complainant's right of access (Art. 15 GDPR) by failing to provide complete information about the data processed when using Microsoft Education 365."
The Austrian Data Protection Authority found Microsoft illegally tracked students via Microsoft 365 Education and used their data. The regulator determined Microsoft, as a controller, violated the complainant's right of access (Art. 15 GDPR) by failing to provide complete information about processed data. Microsoft attempted to shift responsibility for access requests to local schools and national authorities, which were unable to access data held by Microsoft. Schools and authorities could only supply minimal information, prompting a complaint against the school, education authorities, and Microsoft. Microsoft was ordered to provide complete information and clarify terms like internal reporting and business modelling.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]