Office 365 declared illegal in German schools due to privacy risks

good article, good news!

we really need laws like this in the US, capitalism has corrupted and failed, time to move on from it instead of continue being taken on a ride. i still consider moving to California at times, it is the best we got on the privacy law and data protection matters although like “green” States have proven, legit ideas do work.

can’t help but paste this here, from lower half of the article:

However, the early-2000s attempts to break free of Microsoft were a function of choice. This time around, the Hessian commissioner for Data Protection and Freedom of Information (HBDI) isn’t just saying that schools would prefer not to use Microsoft, he’s stating that their use of Office 365 is outright illegal. In August 2017, the HBDI ruled that Office 365 could legally be used by schools so long as the back end for the school accounts was stored in Microsoft’s German-located cloud. A year later, Microsoft ceased offering the Microsoft Cloud Germany data trustee model, which was a partnership with Deutsche Telekom, and schools migrated their accounts to the European cloud. Now, the HBDI states that the European cloud may offer access to US authorities; with no way for the German government to monitor such access; this makes use of that cloud illegal without specific consent being granted by its individual users.

In addition to the physical geography of the cloud, the HBDI is unhappy about telemetry in both Office 365 and Windows 10 itself. Neither can be disabled by end users or organizations, and the content of both remains undisclosed by Microsoft despite repeated inquiries. According to the HBDI, the only legal way around the murky provenance of the telemetry—and possible US state access to users’ data—is by asking consent of the individual users. This means that the schools themselves cannot consent on behalf of students, and neither can their parents, according to the HBDI. (Article 8 of the European Union GDPR makes provision for obtaining parental consent for information services to children less than 16 years of age, but its paragraph three specifically states that this doesn’t invalidate contract law of its member states.)