A report written by Privacy Company, a consultancy working on behalf of the Dutch Ministry of Justice claims that large scale collection of personal data is being made through Microsoft Office, the software that include Microsoft Word and PowerPoint, used by millions of users world-wide. The company claims that the data processing activity is performed without informing the data subjects.
In response, Microsoft says that all data collection is performed for functional and security reasons. The data shared however, is considered to go well beyond security and functionality, as it includes email subjects and entire snippets of content.
Another issue highlighted in the report is the fact that Microsoft was transferring data from the EU to its US data centers. However, it has since moved its data centers to Europe, in an effort to be compliant with the GDPR.
The report from the Ministry of Justice said: "Data provided by and about users was being gathered through Windows 10 Enterprise and Microsoft Office and stored in a database in the US in a way that posed major risks to users’ privacy."
Furthermore, the Dutch government declared they were worried they own data had been collected, including that of 300,000 government employees.
In response, a Microsoft representative declared:
“We are committed to our customers’ privacy, putting them in control of their data and ensuring that Office ProPlus and other Microsoft products and services comply with GDPR and other applicable laws. We appreciate the opportunity to discuss our diagnostic data handling practices in Office ProPlus with the Dutch Ministry of Justice and look forward to a successful resolution of any concerns.”