
New South Wales Education Department Caught Unaware After Microsoft Teams Began Collecting Students' Biometric Data (theguardian.com)

New submitter optical_phiber writes: In March 2025, the New South Wales (NSW) Department of Education discovered that Microsoft Teams had begun collecting students' voice and facial biometric data without their prior knowledge. This occurred after Microsoft enabled a Teams feature called 'voice and face enrollment' by default, which creates biometric profiles to enhance meeting experiences and transcriptions via its Copilot AI tool.

The NSW department learned of the data collection a month after it began and promptly disabled the feature and deleted the data within 24 hours. However, the department did not disclose how many individuals were affected or whether they were notified. Despite Microsoft's policy of retaining data only while the user is enrolled and deleting it within 90 days of account deletion, privacy experts have raised serious concerns. Rys Farthing of Reset Tech Australia criticized the unnecessary collection of children's data, warning of the long-term risks and calling for stronger protections.

  • Else, you are funding evil.
    • by simlox ( 6576120 ) on Monday May 19, 2025 @10:56AM (#65387381)
      Here in Denmark we also suffer from commercial software in education: Already in our equivalent to high-school, the students are locked into Office365, and that becomes the de-facto office suite from then on. The engineering students all learn Matlab. Very hard to change to Python later on. Also a good reason that all education shall be done on Open Source only, no matter if the proprietary software is given "for free".
      • Also a good reason that all education shall be done on Open Source only, no matter if the proprietary software is given "for free".

        So they aren't prepared how to use their computers when they enter the workforce / real life? I think you missed the purpose of education. Now if you suggest we should be teaching about Linux at church then I agree with you.

    • No one cares about your culture war. But here's a better question for you: What is the purpose of education? If your answer is:
      a) Indoctrinate your political and social beliefs on others. - Then yes Opensource software is a great idea.
      b) Prepare subjects for the world they will experience. - Then no, the openness is not a consideration, but rather what tools people are likely to be using in the future are.

      Leave kids out of your culture/political war.

  • stronger protections that can't be waived with an EULA or forced to give up to use app.

  • These people think the law does not apply to them.

  • by Inglix the Mad ( 576601 ) on Monday May 19, 2025 @10:54AM (#65387375)
    Like the title says. I know governments will despise it, but it needs to happen. The law also needs penalties so severe, and immediately enacted upon breach, that it terrifies company leadership. So not just a little fine, a "You do this and you will probably not make a profit for years, assuming your business is not disintegrated" kind of fine.

    Unfortunately it has to be this way because even with "large" fines it's become a cost of doing business thing. Since business treats it that way, it needs to become a "put you out of business" kind of fine.

    The fine should probably include a claw back of all compensation of C-Levels for the duration of the breach. They want to claim the ship only runs true with them at the helm, they have to take the responsibility for everything the ship does daily.
    • I think it should hit where it really hurts: putting people in jail. For some reason when companies do horrible stuff they get away with it by paying fines. Make it someone's personal responsibility.

    • by DarkOx ( 621550 )

      Except the problem here is government. It was the government that broke the law, when their IT group chose Teams or perhaps accepted an updated EULA that violated their own data privacy laws. It does not sound like Microsoft ever offered or was asked to provide a customized Teams, that did data collection differently.

      Imagine if someone in the food service department went over to the local home store and bought a bunch of containers, not food safe, and put the school lunch supplies into them. Would you blam

      • But can an updated EULA override a signed contract?
        Should the school just shut down each time the EULA is updated for legal to look it over? (but even to log in to set all users to disabled may need you to get past that new EULA)

        • by Inglix the Mad ( 576601 ) on Monday May 19, 2025 @11:36AM (#65387543)
          EULAs need to go the way of the Dodo as they stand now anyway. They're nothing less than "COMPANY GETS TO DO WHATEVER IT WANTS AND IF YOU DON'T LIKE IT TOUGH" documents. We've spent 50 years creating legal fictions that give corporations more rights than people, and it has to be rolled back.
        • by DarkOx ( 621550 )

          No, the school should not deploy software updates until any revisions to the EULA have been reviewed.

          If Microsoft is in the habit of not allowing downlevel clients to connect for at least long enough for that to be possible and something else to be put in place if the changes are unacceptable, then the product was NEVER fit for use, and again the fault lies with the administrators that chose it.

          It isn't like Microsoft does not have licensing groups that exist specifically to work with education, and other lar

      • Sounds about right to me. But I'll add some things that others have said. Someone here explained this to me, and it rang true: Lawyers insist on buying from companies because of liability issues, let's say you have someone/something to blame in case shit happens. So then purchasing policies are crafted to only include products by Microsoft, for example, and even if someone out in the trenches wants to do things differently with open source software, they aren't allowed to.

        Now we know, ironically, as you h
      • This is an accurate take. Every entity which has a responsibility to protect others' data or any allegedly secure data and then chooses to use a Microsoft solution in particular (but really any closed source software) with the potential to intercept that data should be considered to be in violation of privacy laws. Microsoft is an especially egregious choice because the EULAs give them the right to take any data they like and show it to anyone for any purpose they deem relevant. No government entity should

    • Like the title says. I know governments will despise it, but it needs to happen. The law also needs penalties so severe, and immediately enacted upon breach, that it terrifies company leadership.

      Errr, no company was the problem here. This was the government IT systems setup incorrectly. How do you legislate around your own incompetence? Which government department is responsible for fining itself?

  • Easy Fix... (Score:2, Informative)

    by Anonymous Coward
    Make ALL 3rd Party data collection OPT IN ONLY!
  • by ebunga ( 95613 ) on Monday May 19, 2025 @11:13AM (#65387439)

    They violate the consent of adults with impunity, so of course they're going to do the same to children.

  • by Baron_Yam ( 643147 ) on Monday May 19, 2025 @11:21AM (#65387475)

    Since the dawn of Facebook I've been doing my best to keep out of databases, but I use Teams a lot for work, so presumably Microsoft has a lot of data on my face and voice now, all linked to a user ID that matches my real name and a geographical location that is significantly off by IP but very close to the billing address they have for my employer.

    In other words, I have to assume I'm 'in the system' and no longer have the faintest hope of anonymity even against less than state-level actors.

  • More and more MS enables things by default that are all about collecting data most likely so they can sell it. Telemetry (On). Periodic screenshots of users' displays (On). Metadata about gaming habits (On). Biometric data (On)
  • That's strange, there is always data in Microsoft Edge's cache--on machines I don't use it on.
  • Am I the only one who when they see "NSW" thinks it says "NSFW"?
