Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Microsoft Privacy Software United States Windows

Dutch Government Report Says Microsoft Office Telemetry Collection Breaks EU GDPR Laws (theregister.co.uk) 87

"The Register reports that Microsoft has been accused of breaking EU's GDPR law by harvesting information through Office 365 and sending it to U.S. servers," writes Slashdot reader Hymer. "The discovery was made by the Dutch government." From the report: The dossier's authors found that the Windows goliath was collecting telemetry and other content from its Office applications, including email titles and sentences where translation or spellchecker was used, and secretly storing the data on systems in the United States. Those actions break Europe's new GDPR privacy safeguards, it is claimed, and may put Microsoft on the hook for potentially tens of millions of dollars in fines. The Dutch authorities are working with the corporation to fix the situation, and are using the threat of a fine as a stick to make it happen.

The investigation was jumpstarted by the fact that Microsoft doesn't publicly reveal what information it gathers on users and doesn't provide an option for turning off diagnostic and telemetry data sent by its Office software to the company as a way of monitoring how well it is functioning and identifying any software issues. Much of what Microsoft collects is diagnostics, the researchers found, and it has seemingly tried to make the system GDPR compliant by storing Office documents on servers based in the EU. But it also collected other data that contained private information and some of that data still ended up on U.S. servers.

This discussion has been archived. No new comments can be posted.

Dutch Government Report Says Microsoft Office Telemetry Collection Breaks EU GDPR Laws

Comments Filter:
  • It is SPYING! (Score:5, Insightful)

    by Futurepower(R) ( 558542 ) on Saturday November 17, 2018 @09:20AM (#57660486) Homepage
    Spying should not be called "Telemetry".
    • The Register story title and headline:

      Microsoft menaced with GDPR mega-fines in Europe for 'large scale and covert' gathering of people's info via Office
      Telemetry data slurp broke the law, Dutch govt eggheads say

      Better:

      Microsoft may have to pay huge GDPR fines in Europe for 'large scale and covert' gathering of people's info via Microsoft Office.
      Microsoft spying broke the law, Dutch government officials say.
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      did you not get the new microsoft dictionary:

      Telemetry = The collecting of personal data such that we can sell it to advertisers

      Improved customer experience = Allowing the customers to be our testing partners thus giving them an improved insight into how our software is developed.

      keep it going.

    • I'm not sure... (Score:2, Interesting)

      by SuperKendall ( 25149 )

      The thing is we have no idea what this data is used for. If it were Google I would think advertising, but with Microsoft I would actually be more inclined to think it's something technical.

      Personally I think the GPDR is a good idea but perhaps goes too far. Certainly the click-though messages about privacy you have to go through on every website now are stupid and do nothing to help anyone. Also I think there is valid technical need to collect some data for just technological advancement, and I worry tha

      • by Bongo ( 13261 )

        Having a good reason to collect data is one thing.

        It's just that it should not be a surprise to anyone, ie. you're supposed to do it in a transparent, obvious, and common sense manner.

      • by mikael ( 484 )

        They do admit to logging keystrokes so they determine best usage of menu options and to provide hints on how you can be more productive through keyboard shortcuts.

        Others fear they might be collecting code fragments to provide as "Snippets" for others to use.

        • Others fear they might be collecting code fragments to provide as "Snippets" for others to use.

          I have exactly the farthest reaction away from "fear" to that. Wouldn't it be amazing if Microsoft, or Apple, actually detected code fragments super commonly typed in order to figure out how to eliminate us all having to type them?

          Even in the most modern of languages boilerplate code is common, and it would be great to at least snippet that as much as possible, or have code completion melt a lot of that work away

          • by mikael ( 484 )

            Most application developers build their own shell applications that load in the commonly used libraries (OpenCV, OpenGL, CUDA, maths libraries) and then run a basic application rendering loop. Then there are file parsers, object serializers, libraries to simply data transfer between hosts

      • The GDPR is nowhere near perfect. It has given websites the excuse to demand you click and accept an EULA (which you can't read because their popover covers it) before you visit.

        However, it is a start. Right now, a company getting hacked actually can make the top brass rich, just because the CxOs can short their stock before the announcement, and most people forget about the intrusion, so stock bobs back up in a few months. The GDPR actually makes companies actually be concerned about security to actuall

        • The GDPR is nowhere near perfect. It has given websites the excuse to demand you click and accept an EULA (which you can't read because their popover covers it) before you visit.

          However, it is a start..

          This is in itself a GDPR violation and will end up resulting in fines. Websites that default to all cookies choices tickets as default are also in violation of at least two EU directives - one that choices for contact *must* be opt-in only, and the second for not making the choices clear.

    • Honestly, I'm not sure I'll ever forgive Microsoft for giving telemetry such a bad name. I've already seen the fallout from this when people have a knee-jerk reaction to any discussion of telemetry, assuming it's only used for slurping up personal information for less-than-honorable purposes (and unfortunately, we've seen that happen). When it's optional and clearly disclosed to the user, it can be a valuable tool to help developers improve their software.

      But when users can't opt out or easily see what's

  • Water is wet, and the sky is blue.

    Who knew?

  • by Anonymous Coward

    Then type:

            stop-service diagtrack
            set-service diagtrack –startuptype disabled

  • by 140Mandak262Jamuna ( 970587 ) on Saturday November 17, 2018 @10:13AM (#57660612) Journal
    The Dutch government Report was written in MS-Office build 20283 (registered to -name redacted-) and was collaboratively edited by instals 02383-48485-4857-ab (registered to ---) ....

    Of all the installs that created the document only the version used by the second assistant junior sub flunkie is actually verified and authorized install. We have located at least 22 unauthorized windows installations and 42 unauthorized Ms Office installation. We will be suing the government under anti-piracy laws for compensation of 3.3 billion euros

    Also Microsoft Windows 10 does not collect any data, telemetry or otherwise. We challenge the government to prove that we collect data instead of engaging in idle speculation.

    • by MrMr ( 219533 )
      Very funny, but the Dutch government is actually paying huge amounts of taxpayers money to subsidize Microsofts licensing schemes. I have superfluous licenses for all office versions since 2007.
  • by Qbertino ( 265505 ) <moiraNO@SPAMmodparlor.com> on Saturday November 17, 2018 @10:18AM (#57660622)

    I'm glad activists got through with the GDPR. They did a good job.

    Whilst the US has basically just come up with TCPA ( no law but still) , PATRIOT, DMCA and other orwellian f*ck- you laws and regulations, here some activists with close affiliation to FOSS and similar movements basically got their version of the EU GDPR law through. It would be nice to see the GDPR serve as an example to the US and if the US would get its own version of it.

    As for MS: they have been regaining karma with me lately but I still think it would send the right signal if they get fined into next Wednesday to show that the EU isn't f*cking around and will have any corporations head on a stick should someone choose to question the applicability of the law.

    On the job I've been the GDPR guy after taking seminars and reading through a stack or regulations. And while some parts of it can be tedious to deal with, it does force everyone on ship to keep an eye out on how, when and where personal data is handled. And that was the laws intention and that's a good thing.

    My 2 eurocents.

    • by rastos1 ( 601318 )
      I would appreciate more if GDPR led to backlash from users and eventually to reduction of data collection or at least to raise of alternative services that do not collect so much data. But it does not. All we got are "I agree" buttons.
  • A joke I read on Twitter a couple of days ago;

    He's Making a List,
    He's Checking It Twice,
    He's Gonna Find Out
    Who's Naughty and Nice.
    Santa Clause is in contravention of Article 4 of the GDPR.

  • by jenningsthecat ( 1525947 ) on Saturday November 17, 2018 @03:45PM (#57661524)

    ... may put Microsoft on the hook for potentially tens of millions of dollars in fines

    When are the authorities going to understand that a mere 'tens of millions of dollars' represents a chump-change cost of business for companies like Microsoft? Wake me up when the fines start getting into the multi-billion dollar range - that's the kind of fine that might deter big corps from acting out their rampant psychopathic attitudes and anti-social practices. Until then, stories like this are just yawn-worthy, formulaic excuses for churning out yet more reams of journalistic boilerplate.

    • They can fine a percentage of the global income of the company. I'm going to go out on a limb here, but my guess is that that would hurt even Microsoft. Another guess is that this was introduced specifically for companies like Microsoft.

      "What is the maximum administrative fine under the GDPR? There are two tiers of administrative fines that can be levied as penalties for non-compliance: Up to €10 million, or 2% annual global turnover – whichever is higher. Up to €20 million, or 4% annual glo

  • Easy to use, just good, protects privacy, company support from Colabora too.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...