November 17, 2018

Windows 10's telemetry violates GDPR, according to Dutch regulators

OMG, has this news item ever been a long time coming. From The Reg:

Microsoft broke Euro privacy rules by carrying out the "large scale and covert" gathering of private data through its Office apps.
That's according to a report out this month that was commissioned by the Dutch government into how information handled by 300,000 of its workers was processed by Microsoft's Office ProPlus suite. This software is installed on PCs and connects to Office 365 servers.
The dossier's authors found that the Windows goliath was collecting telemetry and other content from its Office applications, including email titles and sentences where translation or spellchecker was used, and secretly storing the data on systems in the United States. That's a no-no.
Those actions break Europe's new GDPR privacy safeguards, it is claimed, and may put Microsoft on the hook for potentially tens of millions of dollars in fines. The Dutch authorities are working with the corporation to fix the situation, and are using the threat of a fine as a stick to make it happen.
The investigation was jumpstarted by the fact that Microsoft doesn't publicly reveal what information it gathers on users and doesn't provide an option for turning off diagnostic and telemetry data sent by its Office software to the company as a way of monitoring how well it is functioning and identifying any software issues.

I always thought that there ought to be a law against Microsoft's data collection practices, and had hoped that GDPR might be that law, but I'll admit that it feels really satisfying to see it actually happen. I only wish that it had been the data collection in Windows 10 itself that had triggered this.

Microsoft aren't the only company facing an uphill battle when it comes to transforming their anti-consumer practices into GDPR-compliant ones (The Reg dubbed this "GDPRmageddon," which is just fabulous). Considering just how stubborn Microsoft have been when it comes to addressing the inadequacies of their business practices, though, I have a feeling that they'll struggle with GDPR compliance more than most companies... except, of course, for Facebook.