An advocacy group which goes by the name, NOYB, has accused software giant Microsoft of shifting the burden of responsibility for children’s personal data onto inadequately prepared schools, according to complaints filed with Austria’s privacy regulator.
Navigating Data Privacy Concerns in Microsoft’s Educational Suite Amidst COVID-19
The concerns around the same have been raised by critics and competitors of the U.S. tech giant.
The use of Microsoft’s 365 Education suite has been experiencing surge online post the COVID-19 pandemic. This suite includes popular software like Word, Excel, Teams, PowerPoint, and Outlook.
NOYB contends in its initial complaint that the tech giant is evading its obligations as a data controller under the EU’s General Data Protection Regulation (GDPR) by transferring this responsibility to schools, which lack the necessary infrastructure to manage such data.
Maartje de Graaf, NOYB’s lawyer argues that expecting schools to audit or instruct Microsoft on data processing is impractical and out of touch with reality, also suggesting that company is trying to distance itself from accountability for children’s data.
In a response to the same, Microsoft while emphasizing its commitment to safeguarding the privacy of young users, said that its M365 for Education suite adheres to GDPR and other privacy regulations.
However, NOYB’s second complaint raises concerns about the use of cookies in Microsoft’s 365 Education, which advertisers employ to track user behaviour.
NOYB’s Allegations Against Microsoft Spark Investigation
As per the NOYB lawyer Felix Mikolasch, Microsoft’s software appears to track users indiscriminately, potentially affecting a substantial number of pupils and students across the EU and EEA.
In order to investigate these complaints and impose fines on Microsoft if warranted, NOYB has called upon the Austrian Data Protection Authority.
In a response, Microsoft has expressed willingness to address any inquiries from data protection agencies regarding NOYB’s allegations.
Highlighting the complexities of compliance with stringent regulatory frameworks in the digital age, these developments underscore ongoing debates surrounding data privacy in educational technology.