Landing : Athabasca University

Microsoft under GDPR microscope for Office 365 and OneDrive | Alphr

By Jon Dron 15 November 2018 @ 12:04pm Comments (4)
https://www.alphr.com/microsoft/1010196/microsoft-under-gdpr-microscope-for-office-365-and-onedrive?_mout=1&utm_campaign=alphr_newsletter&utm_medium=email&utm_source=newsletter

No big surprises here to anyone that has ever so much as glanced at Microsoft's business model and historical abuse of its customers, but definitely a matter of concern for organizations (like Athabasca University) that rent their services from Microsoft, especially given the fact that hosting for O365 is in Trumpland. In brief, Microsoft has been secretly collecting user data from many apps (including the Office suite) without telling its users, thus failing Privacy 101.

We should not be using this service, and nor should anyone outside the US who cares about confidentiality or privacy. Those in the US who deal with sensitive data should also avoid it, but they've got bigger privacy problems to worry about than this.

Comments

  • Richard Huntrods November 15, 2018 - 12:12pm

    Well, it's interesting, informative and a bit (? a lot!) scary that about a year ago I complained on the union website about hosting our "stuff" on American soil and the overwhelming reaction was "so what?".

    We (people) are our own worst enemies when it comes to protecting ourselves. Look at the database of photo-ids that have been collected by the TLA (three letter agencies) in the US just from publicly shared selfies.

     

  • Jon Dron November 15, 2018 - 1:12pm

    I use Google and various other services that harvest and use my data in ways that I dislike, but I am sometimes willing to trade some privacy for some utility. It's my choice, notwithstanding that I may not be sufficiently informed or aware of the consequences. If, however, a company that I work for or that is providing me with an education forces me to do this, it's another matter altogether. Whatever they may feel about their own privacy, they have a legal and moral duty to protect mine.

    An answer that I have repeatedly received on my numerous challenges to this policy (it's not just O365 - a very large number of our systems that contain extremely private data are now in the US cloud, from online exam systems to student support systems to, now, Moodle) is that none of our data are safe anyway, so what does it matter? Words fail me at that point. I accept that we fight a constant and losing battle against those who profit from abuses, but that doesn't mean we should simply give up. It's not helped by the fact that the Albertan government doesn't seem to care much either. In other provinces, such as BC and Nova Scotia, what we do would be illegal but, with some provisos (mainly based on a liberal interpretation of PIPEDA), Alberta still allows it.

  • Steve Swettenham November 16, 2018 - 9:09am

    Any computing device connected synchronously or asynchronously to a network can be harvested...and is.  Another Snowden déjà vu.

    The question is no longer why or how could digital data be used, rather it's just a matter of when...and soon even that will not be a question....ah too late no longer a question, now 24/7

    PS. I deleted my LkIn account... at least from my display.

  • Jon Dron November 16, 2018 - 10:48am

    Indeed, Steve.

    Any bicycle lock can be broken within about 5 minutes with the right tools. Most take seconds. But should we stop using bike locks? Or legislate that anyone can take anyone else's bike? I think we have to start somewhere, and legislation (with teeth to bite transgressors in ways that act as a real disincentive) is not a bad place to start. Meanwhile we need to build better locks, or educate ourselves to use them better, or maybe to rethink how we share our data altogether. I'm a bit intrigued by Solid, not because it's a new or radical idea, but because it has TBL behind it. Not an incredibly reliable solution, but really a lot better than what we have today.