03.16.21

EPO and Microsoft Collude to Break the Law — Part X: The Spectre of GDPR…

Posted in Europe, Microsoft, Patents at 8:57 am by Dr. Roy Schestowitz

Previous parts:

GDPR and Microsoft
More about Microsoft’s run-ins with European data protection authorities

Summary: António Campinos and his friends may have put the EPO in legal “hot water”, having already outsourced EPO data to a serial GDPR violator with a notorious track record in other aspects, too

In April 2019 it was reported that “the Spectre of GDPR” continued to haunt the hallowed halls of Redmond, this time in the shape of an investigation ordered by the EU Data Protection Supervisor (EDPS) into Microsoft products used by EU institutions.

The move by the EDPS was prompted by the outcome of the Data Protection Impact Assessment which had been commissioned by the Dutch Ministry of Justice and Security in 2018.

“The move by the EDPS was prompted by the outcome of the Data Protection Impact Assessment which had been commissioned by the Dutch Ministry of Justice and Security in 2018.”The EDPS noted that any EU institutions using the applications investigated by the Dutch authorities would face similar issues including “increased risks to the rights and freedoms of individuals”.

The report of the EDPS on the “Outcome of own-initiative investigation into EU institutions’ use of Microsoft products and services” was published on 2 July 2020.

The EDPS identified a number of serious issues calling for further action, including the following:

• The licensing agreement between Microsoft and the EU institutions was formulated in loose manner that effectively permitted Microsoft to act as a data controller which the EDPS found inappropriate.

• The lack of control by EU institutions over which sub-processors Microsoft used and the lack of meaningful audit rights presented significant issues which needed to be addressed.

• EU institutions were unable to control the location of a large portion of the data processed by Microsoft. Nor did they properly control what was transferred out of the EU/EEA and how. There was also a lack of proper safeguards to protect data that left the EU/EEA.

• EU institutions had few guarantees at their disposal to defend their privileges and immunities and to ensure that Microsoft would only disclose personal data insofar as permitted by EU law.

According to the EDPS, the EU institutions lacked sufficient clarity as to the nature, scope and purposes of the data processing carried out by Microsoft and the risks to data subjects for the purpose of complying with their transparency obligations towards data subjects.

The EDPS recommended that all EU institutions perform tests using a revised and comprehensive approach in order to monitor and stem the flow of personal data generated by Microsoft products and services and sent to Microsoft.

“The EDPS recommended that all EU institutions perform tests using a revised and comprehensive approach in order to monitor and stem the flow of personal data generated by Microsoft products and services and sent to Microsoft.”It remains to be seen whether or not the EDPS’ beef with Microsoft will be resolved in an amicable manner or whether it will result in the imposition of GDPR fines which, in serious cases, can be as much as 4% of a company’s worldwide annual revenue.

Microsoft has also had its fair share of grief with the data protection authorities in the EPO’s main host country, Germany.

Back in July 2019 it was reported that the data protection authority in the state of Hesse had issued a ruling that Microsoft’s Office 365 could no longer be used by schools following the closure of a German data centre which had been used by Microsoft to provide cloud services.

This ruling came after several years of domestic debate about whether German schools and other state institutions should be using Microsoft software at all.

To allay German privacy concerns, Microsoft had invested millions in a German cloud service, and in 2017 Hesse authorities agreed that local schools could use Office 365 as long as German data remained in the country. But in August 2018 Microsoft decided to shut down the German service which meant that, once again, data from local Office 365 users would be transmitted across the Atlantic.

“…in August 2018 Microsoft decided to shut down the German service which meant that, once again, data from local Office 365 users would be transmitted across the Atlantic.”In view of the changed circumstances, the data protection commissioner decided that there was now an unacceptable risk that users’ data could be accessed by US authorities.

More recently, in October 2020, it was reported that at the Conference of German Federal and State Data Protection Supervisory Authorities, a majority of Germany’s regional data protection commissioners supported a finding that Microsoft Office 365 did not comply with GDPR standards. They also made clear that changes were urgently needed to comply with the CJEU Schrems II judgment on cross-border data transfers.

Once again, it’s too early to say whether this matter will be resolved in an amicable manner or whether it will result in the imposition of GDPR fines.

However, for some time now German lawyers have been warning their clients about the potential financial risks of using non-GDPR compliant software, including many widely used Microsoft products.

For example, one Hamburg-based law firm published the following advice in July 2020:

“…for some time now German lawyers have been warning their clients about the potential financial risks of using non-GDPR compliant software, including many widely used Microsoft products.”“Using MS-Teams, Skype and other Office 365 services violates data protection law and may result in million Euro fines. That’s the conclusion of two papers recently issued by the Berlin Commissioner for Data Protection and Freedom of Information. There is urgent need for action in many companies now.”

Time will tell whether or not such warnings are justified. However, based on past experience Microsoft is unlikely to be given an easy ride by the German and other European data protection authorities and this may well have some unpleasant fallout for commercial users of its services and products.

In the meantime German scepticism about Microsoft has surfaced in the European Parliament.

In February 2020, Klaus Buchner – a university professor, physicist, and MEP for the green-conservative Ecological Democratic Party – submitted the following question to the EU Commission:

Subject: Microsoft Windows 10 in European local authorities

IT is part of our critical infrastructure, and in European local authorities as well IT means Microsoft Windows and Microsoft Office. It is as if European drivers could only buy cars made by one US manufacturer. As a result, European local authorities and European industry are totally dependent on a foreign monopoly supplier and are required to kow-tow to a foreign legal system and comply with foreign court judgments, which apply to Microsoft in the EU as well. To make matters worse, Windows 10 systematically transmits personal data to Microsoft. Little is known about how that data is used. The upshot is that local authorities may find themselves facing legal action for breaches of the data protection rules and the German Industrial Constitution Law. Background: ‘[...] The Data Protection Officers of the Federal Government and the Länder see little scope for using Microsoft’s Windows 10 operating system in accordance with the law […]’

Instead, standard programmes could be developed at EU level and made available to local authorities free of charge. This standard software could also be hosted in regional data centres in the EU and interested local authorities could transfer their IT operations to those centres. Of course, each local authority would be required to tailor the standard programmes to local needs and operate them independently, either from their own data centres or in an EU cloud.

1. Are there alternatives to monopoly costs and data protection problems?
2. Does the Commission see any scope for offering greater support for the use of free openware such as Linux and OpenOffice / LibreOffice?

The answer which came back from EU Commissioner Thierry Breton was for the most part the usual hot air which didn’t really address the elephant in the room.

“In the meantime German scepticism about Microsoft has surfaced in the European Parliament.”However, Breton took advantage of the opportunity to plug the Commission’s ongoing efforts to promote an “EU cloud initiative” which would “offer credible European alternatives to non-EU providers”.

And with that, we conclude our potted history of Microsoft’s long-running and continuing problems with European data protection authorities.

In the next part we will take a look at some “close encounters” between the software behemoth of Redmond and other regulatory authorities, in particular the trust-busters on both sides of the Atlantic.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2021/03/16/epoleaks-report-march-2021-part-10/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. Disregard Web Sites That Call Themselves 'News' and Instead Promote Proprietary Software for Companies Like Microsoft

    Publishers like IDG have long been paid-for marketing in ‘article’ clothing, sometimes with the veneer of ‘reporting’ (as if they have some inside knowledge or insight, e.g. speaking with or for the company they secretly coordinate with or market for); but sadly we’ve been seeing some so-called ‘Linux’ sites doing the same thing, in effect acting like de facto Microsoft marketers

  2. [Meme] Who Needs Examination Anyway When There's 'Hey Hi' (AI)?

    The patent production line could do away with 'pesky' and 'opinionated' examiners who actually wish to scrutinise alleged 'inventions'

  3. Europe's Second-Largest Institution Corrupting the Media and Buying Expensive Puff Pieces

    As annual reports reveal, the EPO wastes an extraordinary amount of money on reputation laundering campaigns and it pollutes the signal by paying publishers; we examine this issue using the new 'reports' shown in the video above

  4. Links 6/5/2021: Fedora’s Compiler Policy and Celemony Software GmbH Adopting Free Software

    Links for the day

  5. Free Software Proponents Don't Fall for Bullshit (Same is True for EPO Examiners)

    There are parallels between what happens in the Free Software Movement and the EPO, where well-meaning people — and usually hard-working scientists — are besieged by people who never really contributed anything to society

  6. IRC Proceedings: Wednesday, May 05, 2021

    IRC logs for Wednesday, May 05, 2021

  7. Lessons From Another Failed Coup Against the Free Software Movement

    The coup has very clearly failed and we should prepare for future attempts (they go in cycles); the monopolies really dislike software they cannot control fully (e.g. copyleft/GPL-licensed software)

  8. Links 5/5/2021: Mesa 21.1 Released and New Releases of Python

    Links for the day

  9. Links 5/5/2021: StarLabs, GNU Zile 2.6.2, Fedora i3 Spin

    Links for the day

  10. Phony 'Scandals' From Phony 'News' Site ZDNet

    Steven J. Vaughan-Nichols continues the coup against the FSF (trying to separate it from its founder, Richard Stallman), funded by IBM and Microsoft to engage in libel at a marketing company-owned ‘news’ site called ZDNet

  11. Links 5/5/2021: Windows Security Breaches and GNU Pokology Launched

    Links for the day

  12. IRC Proceedings: Tuesday, May 04, 2021

    IRC logs for Tuesday, May 04, 2021

  13. Links 4/5/2021: Taiwins 0.3, KDE Plasma 5.21.5 Released

    Links for the day

  14. EPO Already Wasting Money on Media Manipulation Campaigns for European Inventor Award

    An online-only European Inventor Award 'event' is being used as a pretext/excuse to flood European publishers with money they can rightly perceive as 'hush money'; everyone out there with no spine would likely buckle at the sight of EPO euros and just produce mindless puff pieces that serve to distract from EPO corruption

  15. The Timing of This Melinda Gates Tweet Was Always Curious...

    Remarking on her trip to Africa, where the Gates family lobbies for monopolies on seeds (for profit or course, notably through Monsanto/Bayer, which the Gates family heavily invests in), she posted pure fluff and old photos. And it’s hard to believe she had nothing better to do at the time (better than such nostalgia). As we noted last year: “The above tweet of a beach was posted [by Melinda Gates] on the date of the arrest/search of their employee, who was at their residence at the time.” He was arrested around the very same time this tweet was posted. As we wrote last year (based on detailed documents obtained from the police department): “This tweet was posted 2 hours and 40 minutes after the door was breached and incriminating evidence collected.” He was arrested later that morning at the mansion of Bill and Melinda Gates (the police records contain detailed timelines to confirm the chronology). Melinda’s first name was also in the CP 'stash'.

  16. Media Frenzy Around Gates Divorce Helps Distract From Bill's Crimes

    The distraction from many Gates scandals is cushioned by yet another personal fluff; we would rather see investigative journalism pursuing real answers about real scandals

  17. IRC Proceedings: Monday, May 03, 2021

    IRC logs for Monday, May 03, 2021

  18. EPO Disregards Animal Welfare

    An often overlooked issue surrounding the second-largest institution in Europe is its impact on millions if not billions of animals; there's ongoing research into that

  19. Links 3/5/2021: Sparky 5.15, Bill Gates Divorce, Netflix Fraud

    Links for the day

  20. Links 3/5/2021: New in OpenBSD 6.9 and Audacity Acquired By Muse Group

    Links for the day

  21. Adding, Seaming Together, Merging, or Concatenating Videos From the Command Line With FFMPEG (Scripting for Streamlining of Workflows)

    In order to enrich the looks of videos with almost no extra time/effort (all scripted, no GUIs should be needed) use ffmpeg with the concat operator; but there are several big gotchas, namely lack of sound and need for consistency across formats/codecs and even sampling rates

  22. IRC Proceedings: Sunday, May 02, 2021

    IRC logs for Sunday, May 02, 2021

  23. StatCounter: In May 2021 Windows Market Share Falls Sharply to Just 28%, Whereas GNU/Linux Climbs to 2.31% in Desktops/Laptops

    StatCounter isn't an authority on truth; nevertheless, it helps expose some trends and it shows that Windows is consistently falling, whereas GNU/Linux moves up steadily

  24. Links 3/5/2021: Ubuntu EoL Dates and Nitrux 1.4.0

    Links for the day

  25. Richard Stallman: “Google Can Forcibly Impose Software Changes and the User Can’t Say No.”

    "This is the same thing that Microsoft has in Windows," Stallman told me, "so Microsoft can also impose software changes. Any malicious feature that's not in the program today could be remotely installed tomorrow."

  26. It's Not About Richard Stallman

    First they came for the Founder...

  27. Links 2/5/2021: “Landlock” in Linux 5.13, Comics, Patents Catch-up

    Links for the day

  28. Audacity for Audio Editing With Free Software Only (GPL)

    Audacity is still our software of choice for audio editing; it had a new stable release just 10 days ago (GPL-licensed)

  29. TechBytes Episode 90: “Big Brother That Would Give Mr Orwell Nightmares.”

    An episode which focuses on the impact of COVID, privacy implications, games, and so-called 'cancel culture'

  30. Microsoft-Centric “Ransomware Task Force”

    Mitchel Lewis, a former Microsoft employee, takes a look at Microsoft-connected or Microsoft-controlled 'think tanks' in 'task force' clothing (Original by Mitchel Lewis, republished with permission)

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts