Microsoft has found a new foe in its Windows-Office empire, as the Netherland’s Ministry of Justice and Security issued a stern warning Dutch public sector users of Office mobile, Office online and the enterprise version of Windows 10 about privacy risks. The ministry based its findings to the Data Protection Impact Assessment report made by a private firm based in Europe, showing data created using Office 2016 ProPlus and Office 365 get stored in a US-based server. This loses the legal control of a company to their own data, as US-based servers are under the legal jurisdiction of the United States government. This year 2019, a document shows that even Microsoft admitted that they are late in complying with the regulation imposed by the European Union’s GDPR with regards to the Office ProPlus behavior contrary to securing user private data.
The controversy even expanded, as Windows 10 Enterprise also exhibits similar behavior, as data collection is very explicit in Windows 10 since its release in 2015. Also known as Telemetry, Microsoft servers continue to receive data from Windows 10 machines that have an Internet connection. The Dutch ministry has strongly advised state agencies to stop using Microsoft Office online and its counterpart Office apps in Android and iOS, agencies are also ordered to suppress the telemetry data collection in their Windows machine as much as possible. This suppression process can be done through the use of special PowerShell scripts, with changes the behavior of Telemetry to only collect the most basic data from the Windows 10 computers.
The Dutch government is very concerned about state-level information being uploaded to US-based Microsoft servers, as Netherlands strong implies that data created inside the country, especially by the public sector should remain within the Dutch territory. Nevertheless, the Netherlands continues to dialog with Microsoft in order to arrive at a more acceptable middle-ground. One such possibility is to have a special edition of Windows and Office and Office mobile apps for the Dutch market with no telemetry or data collection.
Redmond and countries in the European Union have historically made conflicts in the past. One of the most famous issues was the web browser monopoly of Microsoft, which gave birth to the Browser ballot for the European Union territories’ version of Windows. Until such time an agreement between the Dutch government and Microsoft is set to fix the issues with data collection, the government will continue to find ways of suppressing the telemetry process on all installed Windows 10 computers in the public sector.
Similarly, Germany has banned the use of Office 365 on all public schools operating in the country. German authorities emphasized that under US laws, all data stored on US-based servers regardless of original source are under the jurisdiction of the government. It means, if the data stored are required in a certain civil or criminal case, the US government can get a copy of it from Microsoft (or other service provider operating in the country). The power of the US government to issue such directive falls under the USA Freedom Act and CLOUD Act, that gives the U.S. government subpoena powers over data stored inside a U.S. territory.