By

A privacy advocacy group in Austria filed two complaints against Microsoft on Tuesday, alleging that its widely used education software violates data protection rights for children.

Microsoft Faces Allegations of Violating Children's Privacy

The Vienna-based European Center for Digital Rights, also known as Noyb (None of Your Business), claimed that young people across Europe are increasingly at risk of privacy violations due to the widespread adoption of online learning.

The group urged Austrian regulators to investigate and potentially penalize Microsoft, arguing that schools lack the means to oversee and safeguard students' data when using Microsoft 365 Education software. 

With its 365 Education services, Microsoft allegedly violated children's data protection rights. When students wanted to exercise their General Data Protection Regulation (GDPR) rights, Noyb said Microsoft reportedly shifted responsibility to the schools, designating them as the "controller" of the data. 

The complaint alleged that GDPR rights are being disregarded. Microsoft is accused of attempting to offload most of its legal responsibilities under the GDPR to schools that offer Microsoft 365 Education services. 

Maartje de Graaf, a data protection lawyer at Noyb, has expressed concern over the approach taken by software vendors like Microsoft. She noted that Microsoft possesses all the pertinent information about data processing in its software but shifts the burden to schools regarding exercising rights, leaving schools unable to fulfill transparency and information obligations.

De Graaf noted that under the current system imposed by Microsoft, schools would have to audit Microsoft or provide them with instructions on processing pupils' data, a situation she described as unrealistic.

She viewed it as an attempt by Microsoft to shift responsibility for children's data away from itself. According to Noyb, determining which privacy policies or documents apply to Microsoft 365 Education is an ordeal. A lack of transparency reportedly forces users and schools to navigate a maze of privacy policies, documents, terms, and contracts. 

De Graaf said Microsoft's information was vague, making it nearly impossible for even a lawyer to comprehend how the company processes personal data in Microsoft 365 Education. She noted that it was also impossible for children or their parents to understand the extent of Microsoft's data collection.

Read Also: Storm-0539 Cybercrime Gang: Microsoft Alerts Companies of Gift Card Fraud From Moroccan Hackers

US-HEALTH-VIRUS-SCHOOLS
Children attend online classes at a learning hub inside the Crenshaw Family YMCA during the Covid-19 pandemic on February 17, 2021 in Los Angeles, California. - While many area schools remain closed for in-person classes, the learning hub program provides structured distance education resources including free WiFi, electricity, staff support, academic tutoring, and recreation activities to provide a safe environment to support low income and minority communities.
(Photo : PATRICK T. FALLON/AFP via Getty Images)

Response of Microsoft to the Allegations

Noyb is urging the Austrian data protection authority to investigate and analyze what data Microsoft 365 Education is processing. 

The group alleged that Microsoft's privacy documentation and independent research failed to clarify this matter, breaching the GDPR's transparency provisions. Additionally, the group proposed that the regulatory authority levy sanctions against Microsoft.

Microsoft responded to these allegations with a spokesperson telling AFP that their software adheres to relevant privacy regulations and emphasized the company's commitment to safeguarding the privacy of young users.

Related Article: Microsoft Launches New Team Copilot to Enhance Productivity in Teams and Organizations

Byline

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags: Noyb Microsoft Microsoft 365 Education Austria
Join the Discussion