Every now and then we get news about how using Microsoft products isn’t compliant with EU law, but nothing really changes after it. Maybe this time? 🤷‍♂️

Notable in this case from Austria:

* Microsoft shifted all responsibility to comply with privacy laws onto schools and national authorities - that have little to no actual control over the use of student data.
* The Austrian DSB found several GDPR violations. First, it found Microsoft 365 Education used tracking cookies without consent, which was found to be illegal.
* Second, Microsoft violated the right to access under Article 15 GDPR by not providing full access to the data of the complainant.
* Microsoft did not provide the Ministry of Education with full information regarding the data processing in Microsoft 365 Education, which makes it basically impossible for local schools to comply with their obligations under Article 13 and 14 GDPR.
* If Microsoft does not provide clear information and more powers to its commercial customers, using Microsoft 365 is hardly compliant with EU law.

https://noyb.eu/en/noyb-win-microsoft-365-education-tracks-school-children