When using Microsoft Office, your data is stored in the cloud. Due to the US Cloud Act and the Schrems II ruling, this is problematic in terms of data protection if your work involves handling personal data. However, companies do not necessarily have to avoid the otherwise omnipresent Office package completely. Today, we explain how you can use Microsoft Office without violating data protection laws.
No way around it: Microsoft Office is the de-facto standard
Microsoft Office has for a long time been the de-facto standard in office productivity suites and that influence has crept over into other aspects of the workplace software market. Many businesses insist on using Microsoft Office, which makes it a requisite for their business contacts. Although there are good alternatives, many organizations don’t consider switching: investments in licenses and training are made, and many fear disadvantages due to incompatibilities.
The issue: Storage in public clouds
Microsoft Office stores your data in the cloud, for instance when users share their documents via Microsoft OneDrive, SharePoint or Teams. Microsoft 365 treats data privacy considerations even more roughly and stores all documents and emails directly in the cloud. Since Microsoft is a US company, it is subject to the Cloud Act. In other words, the company is required by US law to give government agencies access to Microsoft’s users’ data upon request. While this is bad for data privacy, it now also is a tangible liability issue for European companies: The European Court of Justice has struck down the so-called “Privacy Shield” in 2020, meaning that is no longer any legal basis for transferring data to the United States.
So, do businesses now even have a chance of sticking with Microsoft Office? Yes, they have! By cleverly tweaking the Office ecosystem, documents can be prevented from being transferred to Microsoft’s cloud, avoiding both privacy breaches and liabilities towards European supervisory authorities. Businesses are advised to take the following measures in order to use Microsoft Office in way that is compliant with data privacy regulation:
- Instead of OneDrive or SharePoint, organizations should use another solution for storing files. They should operate it as a private cloud in their own data center or with an IT service provider of their choice. So-called on-premises file sharing solutions are best suited for this.
- With Microsoft Office Online Server, an on-premises browser version of the Office suite is available. As with the aforementioned third-party file sharing solutions, businesses can operate Microsoft Office Online Server in their own data center or with an IT service provider of their choice. Thanks to the open-standards WOPI protocol, Microsoft Office Online Server can easily be integrated with a file sharing solution of choice. As a result, users can edit Office documents with Microsoft Word, Excel or PowerPoint in their browsers without transferring them to a cloud controlled by Microsoft.
- Microsoft Outlook can also be used risk-free by combining it with a file sharing integration. Instead of sending documents directly as an email attachment, users then simply add links to files or folders stored safely in their third-party file sharing solution. That way, documents never actually leave the company’s private cloud.
- To share and jointly edit documents in a privacy-compliant way, some file sharing solutions can also be integrated directly with Microsoft Teams.
“Organizations can easily operate file sharing solutions such as ownCloud in-house or as a managed service with a trusted provider. With ownCloud and their Microsoft applications integrated, employees can experience the full productivity and seamless connectivity without risking unauthorized access or data protection breaches, thanks to a centralized data storage in their private cloud. It really is the best of both worlds,” says Tobias Gerlinger, CEO and Managing Director at ownCloud. “As ownCloud is open source, enterprises avoid vendor lock-ins and get full code transparency for additional peace of mind.”