Blog | News from ownCloud

Microsoft 365 to be banned in schools: Data protection officers warn

Baden-Württemberg's data protection officer underpins his appeal to schools to ban Microsoft's cloud office, with reference to claims for damages.
ownCloud secure cloud solution for filesharing

Trouble is brewing for educational institutes in Baden-Württemberg, Germany, which continue to work with Microsoft’s cloud-based Office 365 package despite repeated warnings by the data protection supervisory. The data protection authority in the Ländle writes in its activity report for the year 2022: „We urgently recommend that all schools switch over quickly. If we receive any further complaints, we will also investigate them.“

Due to Microsoft’s questionable data protection and compliance policies, which has been known for a long time, there is only a short period of time to act „in order to guarantee the rights and freedoms of the people concerned more quickly“.

Jan Wacke, who is currently in charge of the supervisory authority after the departure of data protection officer Stefan Brink, underpins the appeal with a reference to potential claims for damages under Article 82 of the General Data Protection Regulation (GDPR). The extent to which appropriate payments would be made to those affected by schools and how the courts would react to this „has yet to be seen“.

The authority advises the Ministry of Education, the supreme supervisory authority for schools, to „emphasise this problem in order to protect them from harm“. As part of the digital education platform, „good alternatives are now available„. Brink had previously fought for years to keep Microsoft out of the country’s offering and predominantly open source software is used.

Integrate Microsoft Office 365 with ownCloud

Edit documents with Microsoft Office Tools straight from your ownCloud

„Individual schools“ are still using Microsoft 365 or parts of it, such as the Teams video conferencing solution, despite repeated warnings about privacy risks , the report says. On the other hand, there were „numerous complaints from parents and students“. As part of a pilot test with a specially configured version, the Office package could not be operated in compliance with data protection: „For numerous data flows and transmissions of personal data“, the examiners found „no legal basis“.

In addition, according to Wacke, „so far none of the schools we have contacted“ has been able to provide sufficient evidence „which refutes our findings and measurements for the configuration used in them“. Public authorities cannot simply trust manufacturers‘ performance promises.

Based on this article published in Heise (text in German)

Anwesha Ray

Februar 22, 2023

Ready to see what’s next?

Having trouble viewing or submitting this form?

Contact Us

We care about protecting your data. Here’s our Privacy Policy.

Read now:

Sprint Review: Hybrid User Attributes

Sprint Review: Hybrid User Attributes

In recent weeks, ownCloud developers presented a bunch of helpful new features in user/group and identity management. It is now possible to override ID settings by the local ownCloud server, and a logout will end all of the user’s sessions in the backend. Apart from that, there’s a new side panel for user settings, and much more.

mehr lesen
ownCloud Infinite Scale with Microservice Architecture

ownCloud Infinite Scale with Microservice Architecture

Infinite Scale is a complete modernization of ownCloud in Go. With Infinite Scale, ownCloud promises to push the performance limits of its platform, having made a huge change in its data distribution platform. The geo-distributed and federated approach is modern and up-to-date. The partnerships – especially with CERN – lend the product additional credibility in terms of security and interoperability.

mehr lesen