back to article Microsoft menaced with GDPR mega-fines in Europe for 'large scale and covert' gathering of people's info via Office

Microsoft broke Euro privacy rules by carrying out the "large scale and covert" gathering of private data through its Office apps. That's according to a report out this month [PDF] that was commissioned by the Dutch government into how information handled by 300,000 of its workers was processed by Microsoft's Office ProPlus …

  1. Novex

    What about Windows 10 that Office is sitting on?

    Surely the telemetry of both Office and Windows 10 is of concern here, not just Office?

    The easiest way to comply with GDPR is to not collect the data, or at a minimum give us back the ability to say 'no' to data collection of any kind. I'm hoping this will focus some attention on Windows 10 and have Microsoft put back the ability to stop telemetry from the OS, and with all the update screw ups, maybe give us back update control too?

    It all 'worked fine' up until Windows 7, so maybe if it wasn't broken, it didn't need fixing.

    1. Shadow Systems

      Re: What about Windows 10 that Office is sitting on?

      The easiest way to get MS to stop fucking around is to fine them so hard it makes their shareholders bleed like badly butchered pigs. A slap on the wrist won't even make them blink, a few million dollars will make them laugh, but a few hundred BILLION will shove that laughter right back down their throats so they choke on it.

      Give MS a hard date for improvements to be made, test the hell out of the whole thing (OS & office) to make sure it complies, & fine the fuck out of them if it doesn't.

      This "fix it or we fine you to death" tactic is perfect for pretty much *every* company that thinks it can thumb its nose at you. Don't write a stern letter, don't fine them what amounts to sixty seconds of profit on a slow day, fine them so much their shareholders jump up out of their cushy chairs & howl for the situation to change else they get a CEO's head on a pike.

      1. Pascal Monett Silver badge
        Thumb Up

        Re: "get a CEO's head on a pike"

        I like the way you think.

        1. Trollslayer
          Devil

          Re: "get a CEO's head on a pike"

          How would putting it on a fish help?

          1. Charles Calthrop

            Re: "get a CEO's head on a pike"

            don't tell him!

          2. Shadow Systems

            Re: "get a CEO's head on a pike"

            At Trollslayer, putting their head on a fish.

            Perhaps bragging rights for the fish?

            "Look at me! I've got SatNad's head grafted to my ass!"

            Why does that make you happy?

            "Because now when I squeaze my cheeks I can do this!"

            *Picture of the Pike reaching Mach 1 on an exhaust plume of marketing bullshit & hot air bubbles*

            COOL! I want one of those, too!

            =-)p

          3. RancidOrange

            Re: "get a CEO's head on a pike"

            "Don't give him your name, Pike!"

      2. Tom Kelsall

        Re: What about Windows 10 that Office is sitting on?

        The Law is a maximum 20 million Euro fine, or 20% of turnover - whichever is GREATER. Microsoft could in theory be hit very hard indeed by an unremedied breach of GDPR.

        1. Anonymous Coward
          Anonymous Coward

          Re: What about Windows 10 that Office is sitting on?

          It's 4% of turnover... still a not small amount.

          1. Loyal Commenter Silver badge

            Re: What about Windows 10 that Office is sitting on?

            It's 4% of turnover... still a not small amount.

            Technically, it's either 2% or 4% (depending on teh type of infraction) of global turnover. One wonders how easy it would be to actually calculate MS's global turnover, and also where the limit is on determining what applies (i.e. parent and related companies). I expect MS's corporate structure is less complex than some (for instance, a different legal entity in each jurisidiction it operates in, rather than the labyrinthine structures employed by some multinationals to avoid tax), but if they do get fined, this could be an interesting test case.

          2. Andy 66

            Re: What about Windows 10 that Office is sitting on?

            Depends- global annual turnover or Europe? Judging by how much tax these monoliths pay, their declared euro turnover is quite small irrespective of how big their actual euro turnover is

            1. Anonymous Coward
              Anonymous Coward

              "Depends- global annual turnover or Europe?"

              Global means "global" - aka whole planet. Which means what appears in their balance sheets they publish for Wall Street, in MS case - where they can't say "our revenues are zero and our profit negative" - because of course shares and executive bonuses will crumble instantly... nor turnover is easily affected by the tricks they can use to pay less taxes - investors want to see increasing revenues, profits, dividends, and share prices - and executives payouts depends on them too.

              I believe that's why those who wrote the GDPR chose that value, companies can employ a lot of tricks to hide money, but they have to surface them somewhere eventually....

      3. EVP

        Re: What about Windows 10 that Office is sitting on?

        “A slap on the wrist won't even make them blink, a few million dollars will make them laugh, but a few hundred BILLION will shove that laughter right back down their throats so they choke on it.“

        Exactly. Anything else is pointless.

        What is appalling to me, is that big companies with enormous resources (i.e. they do know what they are doing) are allowed to break the law time after time and get away with it by ”oops, didn’t mean/know/whatevermuttermutter, let me fix it in six months, or maybe in twelve if we feel like it” (yet never fixing it).

        If I, say, accidentally exceed the speed limit because I didn’t spot a sign, no amount of explaining will make any difference if I get caught.

        1. Barrie Shepherd

          Re: What about Windows 10 that Office is sitting on?

          Off topic but....

          "If I, say, accidentally exceed the speed limit because I didn’t spot a sign, no amount of explaining will make any difference if I get caught."

          Even more unfair if the speed limit is not related to any accident black spot, road safety or road condition but because it's a 'smart motorway' and they can, in an attempt to get air pollution down to EU requirements. Millions spent on smart motorways and we have to travel at 60 mph. (South Yorks., Notts, and Derbys.)

          Back on topic.....

          In my view the GDPR failed because it did not mandate a users right to clearly say NO to all this data snooping. The rule still seems to be "If you want to use my SW you have to accept me snooping, I just have to ask you to note that I do these things - even if it's not relevant to the SW operation" Android Apps being the worst offenders.

          1. Harmless Drudge

            Re: What about Windows 10 that Office is sitting on?

            It allows you to request the information that Microsoft has collected and to demand that it be deleted or corrected. There are substantial costs associated with those activities so if Microsoft gets requests and incurs those costs it will be quick to provide opt outs rather than incur them. If you object to the data collection in the first place just ask for the information. If people don't do so Microsoft can only conclude that people don't care.

            I gave up using Microsoft products after Windows 7 precisely because I do care (I now use Linux and mostly open source software).

          2. Anonymous Coward
            Anonymous Coward

            "GDPR failed because it did not mandate a users right to clearly say NO"

            I wish people read GDPR at least once.... that kind of snooping is illegal under GDPR. There was no informed consent, and if's far beyond the "lawful basis for processing". GDPR also requires any consent can be withdrawn at any time - and it must be simple to do. Moreover, you can't refuse a service requiring to consent to more data than those strictly required to deliver a service.

            The real question is how much governments are going to go after big companies. They now have the instruments - the will?

            1. DropBear
              Facepalm

              Re: "GDPR failed because it did not mandate a users right to clearly say NO"

              The problem is, most companies seem to have taken the stance that whatever they don't feel like turning off is now "essential" and there's no way to change that short of actually challenging that.

              Also, while most are now actually offering the option to turn of _some stuff_, the actual deal is "either click here to accept maximum slurping, endure a literal third of your screen being obscured by a mega-banner until you do, or manually untick 135 pre-ticked checkboxes on the provided settings page (and do it all over again next time unless you're comfortable with us knowing that it's _you_ visiting every damn time you look at any of our pages)".

              Why the hell isn't there an _anonymous_ setting / cookie / whatever I can use to simply proactively declare to each website I visit "only technically unavoidable cookies please"? Or if there is (considering DNT sounds an awful lot like that) why wasn't that made legally binding...?

              1. Anonymous Coward
                Anonymous Coward

                Re: "GDPR failed because it did not mandate a users right to clearly say NO"

                They are testing the will to go after them - each "practice" you pointed out is illegal under GDPR. What is essential is not at the whims of companies. Consent must be opt-in, so you can't pre-tick checkboxes.

                Each law, even the best one, is useless if no one is going to enforce it effectively. Some companies believe they grow too big to be forced to abide to the law. Probably they also hope that with a EU Commission that is going to be renewed next year, with EU elections looming (and for many parties it's a test of their relative strength within their own countries), and Brexit issues, no body will try to enforce GDPR seriously. Hope they'll find they're wrong.

                "Why the hell isn't there an _anonymous_ setting"

                Well the "Do Not Track" flag wasn't very effective, was it? Without a law to enforce it, there's no way such options could work.

          3. Anonymous Coward
            Anonymous Coward

            Re: What about Windows 10 that Office is sitting on?

            In my view the GDPR failed because it did not mandate a users right to clearly say NO to all this data snooping. The rule still seems to be "If you want to use my SW you have to accept me snooping, I just have to ask you to note that I do these things - even if it's not relevant to the SW operation"

            No, see this: https://www.theregister.co.uk/2018/11/19/ico_washington_post/

            Just because people break the law, doesn't mean that that the law's what pepole are doing (just that it's ineffectively enforced).

          4. Basic

            Re: What about Windows 10 that Office is sitting on?

            The GDPR Explicitly calls out that you're not allowed to make access to a service contingent on granting consent to have your data processed, unless it's an essential part of providing the service

            Eg not ads, telemetry, etc... Just the core functionality.

        2. Anonymous Coward
          Anonymous Coward

          Re: If I, say, accidentally exceed the speed limit because I didn’t spot a sign

          I'm sure MS lawyers and execs are so poorly paid and thus ill-informed about the law, they can be let off for this "accidental" speeding! :D

    2. bombastic bob Silver badge
      Thumb Up

      Re: What about Windows 10 that Office is sitting on?

      "Surely the telemetry of both Office and Windows 10 is of concern here, not just Office?"

      see icon

      1. Nattrash
        Alert

        Re: What about Windows 10 that Office is sitting on?

        The report (the pdf) itself gives some "amusing" insight...

        Page 12 of 91...

        Technical limitations

        "The technical lab was unable to inspect the contents of the outgoing data stream. As an essential security measure, Microsoft encodes the outgoing traffic to its own servers. Microsoft did not provide tools to the lab to decode the outgoing data stream."

        How surprising...

        "It was not (yet) possible to view the contents of the traffic in another way, because Microsoft had not yet developed a tool to be able to view the diagnostic data in a way similar to the Data Viewer Tool provided for the Windows 10 telemetry data."

        Really..? So MS gathers, encrypts, sends, and stores data they can't view?

        "However, Privacy Company is working with Microsoft to analyse the collected telemetry data. Microsoft has also offered a test version of a data viewer tool to be teste <sic> by SLM Rijk."

        Yours sincerely, your helpful Government.

        1. Nattrash
          Flame

          Re: What about Windows 10 that Office is sitting on?

          And for those reminiscing on (the division of) the power of government in today's world...

          On the same page...

          "When asked how to deal with secret but authoritative answers, Microsoft has specified that SLM Rijk may not share the document, but may use the facts."

          Emphasis by your humble commentard.

          "Resistance is futile".

    3. Anonymous Coward
      Anonymous Coward

      Re: What about Windows 10 that Office is sitting on?

      Remember that telemetry has been retrofitted to Windows 7 and 8 if you aren't extremely careful about how you install it, services run, etc. So, no, everything is not fine now with Windows 7.

      1. Anonymous Coward
        Anonymous Coward

        Re: What about Windows 10 that Office is sitting on?

        Of course, if you ever installed Windows 8 in the first place, all bets are off.

    4. Aqua Marina

      Re: What about Windows 10 that Office is sitting on?

      All we need is everyone from European countries here to report MS to their equivalent of the UK's ICO over this, then sit back and watch as 28 simultaneous charges of breaching the GDPR occur at once. It would be most excellent if each country could fine MS 4% of annual turnover in turn.

      Then follow it up with Apple and Google.

      1. Anonymous Coward
        Anonymous Coward

        Re: What about Windows 10 that Office is sitting on?

        No idea why people lump Apple in with this lot, they aren't anywhere near to the level of Microsoft, let alone Google.

        1. Danny 14

          Re: What about Windows 10 that Office is sitting on?

          fine them in holland. then get germany to fine them too. And france.

          soon i suspect they will get the message.

        2. Steve Davies 3 Silver badge
          Holmes

          Re: What about Windows 10 that Office is sitting on?

          Didn't you know that Apple is persona non grata in these parts?

          They are the company that everyone loves to hate simply because they are so successful.

          From what Tim Cook has stated may times, they are small fry in the data slurp league when compared to MS, Google, Facebook and others but... he could be telling porkies. We simply don't know so we carry on with the guilty until proven beyond all doubt hate of Apple that is the norm and has been the case for years on this site.

          1. Anonymous Coward
            Anonymous Coward

            Re: What about Windows 10 that Office is sitting on?

            Apple are spin masters, alot of the Google data slurp noise is created by Apple and their shill army, the more noise they can fire at Google, the better it makes them look in the eyes of consumers.

            If you look at their data harvesting policy, it's no different at all to what Google do. Apple privacy policy states they collect location data to improve maps for example. So Apple are tracking your every movement, and unlike Google, it's not optional. You agreed to it when you accepted the software licence on your iPhone. At least Google location services can be switched off.

            1. Anonymous Coward
              Anonymous Coward

              Re: What about Windows 10 that Office is sitting on?

              Apple privacy policy states they collect location data to improve maps for example

              Judging by the appalling state of Apple maps it appears you have picked the one thing that Apple is not snooping on. :)

              At least Google location services can be switched off.

              Settings - privacy - location services. Has been giving control over location data for quite some time, including Apple Maps. For each app, it gives you the choice of always, only when you're actively using the app or off.

            2. RyokuMas
              FAIL

              Re: What about Windows 10 that Office is sitting on?

              "At least Google location services can be switched off."

              I'll just leave this here...

            3. Anonymous Coward
              Anonymous Coward

              "At least Google location services can be switched off."

              Did you miss the article about the fact they can't truly be switched off easily?

              https://www.theregister.co.uk/2018/08/13/google_location_tracking/

            4. JohnFen

              Re: What about Windows 10 that Office is sitting on?

              "it's no different at all to what Google do"

              It's not? So Apple has weaponized all of their products to be surveillance machines, and is following me around both the internet and meatspace, spying on everything I do that they can see in order to compile an ongoing dossier about me even if I don't use any of their products?

              Somehow, I seriously doubt that.

              "At least Google location services can be switched off."

              Yes, and doing so doesn't actually make that data collection stop.

          2. Kiwi

            Re: What about Windows 10 that Office is sitting on?

            From what Tim Cook has stated may times, they are small fry in the data slurp league when compared to MS, Google, Facebook and others but...

            Many times during my school career I heard a whiny child-like voice saying "but he did it too!" as if that somehow excused bad behaviour. Even sometimes a similar whiny kiddy voice saying "but she did it worse".

            That sort of behaviour should be gone by the time of your 10th birthday. It's not a fitting excuse for any adult, let alone the CEO of a large corporation.

            Yet the fans will consider it to be a reasonable excuse regardless of who uses it.

      2. Shadow Systems

        At Aqua Marina, re: fining MS multiple times.

        If MS is a $950B company then 4% would be $38B. Twenty-Eight separate GDPR fines would thus result in a *One Trillion Sixty-Four Billion* dollar fine.

        I like the way you think & bow before your awesomeness. Please remind me to never piss you off. =-D

      3. Hans 1
        Thumb Up

        Re: What about Windows 10 that Office is sitting on?

        28 *4, 112% -> BINGO, MS DEAD all we need is to do it in turns ... who wants to start ? UK, because they are leaving ...

    5. Anonymous Coward
      Anonymous Coward

      Re: What about Windows 10 that Office is sitting on?

      The minimum is not to give back the answer to say no, it is not to enable it in the first place unless we say yes.

  2. Sleep deprived
    Stop

    "The Dutch authorities are working with the company to fix the situation"

    Instead of trying to fix the unfixable, maybe it's time they work with LibreOffice instead...

    1. Anonymous Coward
      Anonymous Coward

      Re: "The Dutch authorities are working with the company to fix the situation"

      Hear hear! Because let's be honest, we're focussing on Microsoft here (by default). And yes, they do deserve it. But think about this; you've got access to the cream of the IT crop in your country. You've the resources to do it right (after all, governments don't have money, it's their citizens). There are all these rumours flying around about "data slurp". And still, with all these opportunities, info, and resources, you (vendor) lock yourself in and afterwards moan about Microsoft doing something EVERYBODY knows they do.

      BOO-HOO!

      You pitiful government! My heart bleeds for you. Especially with your "it wasn't me" arrogant remark about "exploring open standards". If you really knew what you were doing you'd have done that long ago. Ah well, go talk to the city of Munich. They tried it there too, only to reverse it for a zillion euros after Uncle Steve paid them a personal visit. And promised them "advantages" like financial support and HQs in the city... And as we know (Dutch) government officials never ever are sensitive to persuasion. As history shows...

      Oh, and for the cloggers taking offence to my comments: ever taken a good look at the IT of your "Belasting Dients"? Guess they are so committed "to serving the community", that's why they are having issues now with "all employees using the opportunity to leave with a huge bag of money..." Or even try to run their code in VM or without js. Yes, indeed, you can't. I should stop, take my pill and a coffee. I'm getting to old for this sh*t...

    2. Primus Secundus Tertius

      Re: "The Dutch authorities are working with the company to fix the situation"

      @Sleep deprived

      Munich, and other German places, tried that. The problem was that they had to exchange lots of documents every day with other German places still using Microsoft Office.

      The word "compatible" has a special meaning in the computer industry: good enough for salesmen but not good enough for actual screen bashers.

      So Libre Office will not be a practical choice until the vast majority are using it.

      1. Tomato42

        Re: "The Dutch authorities are working with the company to fix the situation"

        Munich was doing just fine with Linux, until one PHB with a vested interest showed up

        1. Danny 14

          Re: "The Dutch authorities are working with the company to fix the situation"

          we have started to move to libreoffice. Ironically its because we get a cheaper deal with office 365 outlook (i disable everything else on the tenant). so its 365 outlook and libreoffice.

        2. rmason

          Re: "The Dutch authorities are working with the company to fix the situation"

          Munich were not doing fine, not even close. It over ran by years and by millions of pounds. At the "end" of the project they had people unable to perform their job roles because software still wasn't working.

          It took them a decade to migrate circa 15k end user machines, and related back end, at this point things still had major issues.

          From that point it took them 4 years to bite the bullet and move back, mainly citing the MS office alternatives as the issue.

          Yes, they had an MS fanboy come in, but that was not the primary driving factor. They recruited them *because* of the issues, and because that after a decade long project they were being told they had to switch to *another* open source office suite and try that for a bit.

          1. Hans 1
            Coat

            Re: "The Dutch authorities are working with the company to fix the situation"

            Gendbuntu

            1. Anonymous Coward
              Anonymous Coward

              Re: "The Dutch authorities are working with the company to fix the situation"

              "Gendbuntu"

              From experience, don't mix .deb files and gentoo unless you *really* know what you're doing...

      2. Destroy All Monsters Silver badge

        Re: "The Dutch authorities are working with the company to fix the situation"

        The word "compatible" has a special meaning in the computer industry: good enough for salesmen but not good enough for actual screen bashers.

        So Libre Office will not be a practical choice until the vast majority are using it.

        Because everyone needs the funky razmatazz of mental disorder driven formatting overkill to bash out a (nowadays practically white, illustration laden and mostly content-free) robo-memo about some shit organization that no-one cares about.

      3. Doctor Syntax Silver badge

        Re: "The Dutch authorities are working with the company to fix the situation"

        The word "compatible" has a special meaning in the computer industry

        It means compatible with the current version of the software and no guarantees about past of future versions.

        There is, however, an open standard for word processing, spreadsheets etc. which is well defined and ensures that your future self, or your successors, will be able to open those documents. Because it's an open, well defined document it means that even if your current product is discontinued it will be possible for someone else to write equivalent S/W so that your access to your old documents will not be blocked. That should be a fairly important consideration for governments whose documents might will have legal significance in decades or even centuries to come.

        Oddly enough that's not Microsoft Office's format, it's the one used by the software you imply has problems when being exchanged.

        The risk of future incompatibility wasn't in the terms of reference of this report and hence is only alluded to in passing. If one were to do a full risk analysis it should be one of the highlights.

        1. Ken Moorhouse Silver badge

          Re: Oddly enough that's not Microsoft Office's format

          I, or rather, a client of mine had an odd experience with Excel some while ago. They maintain a daily Foreign Exchange spreadsheet which is emailed to all staff. Very simple structure - nothing odd about it at all. One day the calculations weren't working properly, I was called out, given a demonstration of the problem - in simplistic terms Excel was emphatic that 1+1=3. Scratching my head I tried a few things (e.g., the long forgotten Recalculate function, and taking into consideration the rows/columns recalculate order), but the problem persisted.

          It was then that I noticed that the user had inadvertently saved the spreadsheet in one of the non-proprietary formats on the Save As.. list, rather than XLS* format. Going back to Excel format solved the problem, but this experience made me think that Microsoft are not participating in a level playing field here.

          My thought is that they are concentrating on their own formats for testing and paying mere lip service to so-called Open Document formats. It calls into question the methodology MS use to develop applications with: it's almost as if they have an IF file_format='xls' then do_this ELSE do_that in their programs, which for me is a Big Red Flag.

          Has anyone else encountered similar anomalies with MS applications?

          1. Richard 12 Silver badge

            Re: Oddly enough that's not Microsoft Office's format

            Has anyone else encountered similar anomalies with MS applications?

            Many times. However, usually when transitioning from Microsoft Office version N to version N+2.

            It's almost like MS don't fully understand their own formats.

      4. Anonymous Coward
        Anonymous Coward

        Re: The word "compatible" has a special meaning in the computer industry

        and it has a specially ueberspecial meaning in Germany, in general ;)

    3. P. Lee

      Re: "The Dutch authorities are working with the company to fix the situation"

      A nice solution, but we need to go a step further.

      Libreoffice as a solution relies on the goodwill of Libreoffice to not snoop. I want an OS which can block application access at the network level. I want an OS which can enforce, "Application X gets access to my file server for file-serving protocols. Application X also only gets access to disk subtree Y." That way I can give my browser widr network access but no disk and my wordprocessor disk access, but little network.

      For those on linux who want a MS options and are willing to go non-free, edrawmax (visio) and wpsoffice (chinese?) look like nice options. I can't vouch for their security and non-snoopiness, but they are far more usable than Libreoffice in an MSOffice environment.

    4. Anonymous Coward
      Anonymous Coward

      Re: "The Dutch authorities are working with the company to fix the situation"

      Instead of trying to fix the unfixable, maybe it's time they work with LibreOffice instead...

      Not until they manage to create a decent installer. The current installer is IMHO an abomination whose user unfriendliness must have inspired by the ribbon is in Microsoft Office. Until they fix that, it is simply not usable in an Enterprise setting, also because updating an anything-but-English is a pain too as a consequence of what they cobbled together.

      I have no idea what they were using when they came up with this approach, but as far as I can tell they got the dosage wrong.

      1. Anonymous Coward
        Anonymous Coward

        Re: "The Dutch authorities are working with the company to fix the situation"

        "Not until they manage to create a decent installer. "

        It depends a lot on who packaged it. - I've never used the windows installer, so I suspect that's what you used.

        I didn't find it very hard at all for the last two libreoffice installations I did.... on one of my laptops, I typed "emerge libreoffice" and waited a *very* long time :-) and on the other one I typed "apt-get install libreoffice".

        1. Anonymous Coward
          Anonymous Coward

          Re: "The Dutch authorities are working with the company to fix the situation"

          "Not until they manage to create a decent installer. "

          It depends a lot on who packaged it. - I've never used the windows installer, so I suspect that's what you used.

          The problem starts when you use a different language. The installer only speaks English, and you have to manually set the UI language after installing the language pack instead of making that a default option ("option" as in "ask the user", just in case). Worse, when you update you have to go through that again. Appalling, and totally NOT end-user friendly, which is the one thing it has to be to generate widespread adoption. Instead, it provides the *perfect* argument for people to fall back to MS Office.

  3. Anonymous Coward
    Anonymous Coward

    Zero Exhaust?

    How do you turn off the slurping?

    Following the link to https://www.privacycompany.eu/en/impact-assessment-shows-privacy-risks-microsoft-office-proplus-enterprise/, what it actually says is:

    Starting today, and with the help of Microsoft, SLM Rijk offers zero exhaust settings to admins of government organisations.

    Sounds like only governments benefit from this :-(

    1. Martin Gregorie

      Re: Zero Exhaust?

      How do you turn off the slurping?

      Add a single configuration parameter. All right, maybe one in each application that makes up the Office package. All it needs to do is to control whether the telemetry port is written to or not. If Office programs are well-structured code this should be quite easy: the sort of thing that one competent programmer can install and test in time for the following month's Patch Tuesday. So why do they need five months to do something that should be so simple?

      1. Anonymous Coward
        Anonymous Coward

        Re: Zero Exhaust?

        > > How do you turn off the slurping?

        > Add a single configuration parameter.

        Of course MS could *add* such a configuration parameter. But it was implied that they've already done so - in which case it's a question of how to find it.

        1. Martin Gregorie

          Re: Zero Exhaust?

          Of course MS could *add* such a configuration parameter. But it was implied that they've already done so - in which case it's a question of how to find it.

          Yes and No. In two places the article says there is no way to disable slurping and then the Zero Exhaust system is mentioned with an (apparently) documented slurp control switch. The crux of the biscuit is: if that's already out then they could simply make the Zero Exhaust version the mainstream product and put it on immediate release. So, if this is the case, then why does M$ think it will take until April next year to make it generally available?

          Fish? I can smell it.

          1. JLV

            Re: Zero Exhaust?

            >why does M$ think it will take until April next year to make it generally available?

            Easy. 5 months of desperate lobbying and Doublespeak ahoy explaining how _customers_ need slurping, they value our privacy and are always out to listen to customers.

            Maybe that horse will sing by then.

            Me I’m wondering who the lucky ones to benefit will be: Euro area only or Canadians too? (we already “benefit” from cookie warnings)

            1. Doctor Syntax Silver badge

              Re: Zero Exhaust?

              "Easy. 5 months of desperate lobbying and Doublespeak ahoy explaining how _customers_ need slurping, they value our privacy and are always out to listen to customers."

              Or simply hoping it will get forgotten. Or it will break several bits of functionality and will have to be removed in order to make everything work properly. It's going to take time to ensure enough functionality gets broken.

      2. Omgwtfbbqtime
        Facepalm

        "If Office programs are well-structured code"

        Yeah, how likely is that?

        1. Primus Secundus Tertius

          Re: "If Office programs are well-structured code"

          The history of Star Office -> Open Office -> Libre Office suggest that it is a mountain of quick fixes, with zero logical integrity. MSO will be the same.

          1. Doctor Syntax Silver badge

            Re: "If Office programs are well-structured code"

            "The history of Star Office -> Open Office -> Libre Office suggest that it is a mountain of quick fixes, with zero logical integrity."

            The early stages of the move from OpenOffice -> LibreOffice involved paying down a lot of that technical debt. No doubt there's still some way to go but then there always is.

      3. John Brown (no body) Silver badge

        Re: Zero Exhaust?

        "So why do they need five months to do something that should be so simple?"

        Because it will take at least that long for the committee to decide exactly what shade of pale grey the user request box must be and exactly how many angstroms up the scale the slightly less pale grey text will be.

    2. codger
      FAIL

      Re: Zero Exhaust?

      Permanently disconnect your PC from the internet. That would do it.

      FAIL icon because teacher doesn't accept this answer.

  4. Anonymous Coward
    Anonymous Coward

    Even if data were stored in EU, MS would be still in breach of GDPR.

    Because the data gathering is too broad, automatic, without user knowledge, and without any way to turn it off.

    1. JohnG

      Re: Even if data were stored in EU, MS would be still in breach of GDPR.

      "Because the data gathering is too broad, automatic, without user knowledge, and without any way to turn it off."

      It is worse than that because there are some options to turn data collection off in various places in Windows 10 - but these only turn a few things off and leave all the other data collection running. It is designed to give the user the false impression that data collection has been comprehensively disabled, when it has not - it is incredibly dishonest.

      1. Danny 14

        Re: Even if data were stored in EU, MS would be still in breach of GDPR.

        plus enterprise get a separate set of GPO settings that really limit telemetry (but still not disable) and common users are specifically told in the gpo that they cant disable. That should also be in breach.

  5. Anonymous Coward
    Facepalm

    I'm really, really (really, really, really) hoping that this stymies forced software telemetry...

    I'm fine with my software validating that it is properly paid for and valid. I'm fine with the option to send telemetry data that may be useful in bug fixes and customer support tickets. However, the idea that MS is storing sections of documents because they are being spellchecked is just nuts.

    Look at your average couple page word-processed document. You probably spellcheck it in 5-10 places, maybe more. If those sections are being stored, then you have a significant security risk, because I could piece together a good deal of what a competitor is doing if you were to give me 20 or 30 sentences from said couple-page document.

  6. dotslash

    What about Azure AD...

    Copying PII to the US?

    1. Anonymous Coward
      Anonymous Coward

      Re: What about Azure AD...

      I was under the impression that it was limited to specific regions that you selected. ps. GDPR is not about PII it is about personal information, doesn't need to be identifiable.

  7. Anonymous Coward
    Anonymous Coward

    Why on earth was a government ever using a cloud-hosted wordprocessor?

    1. Voland's right hand Silver badge

      What do you think is used by UK Parliament?

    2. A.P. Veening Silver badge

      government using cloud-hosted

      "Why on earth was a government ever using a cloud-hosted wordprocessor?"

      In this case: entrapment. Please consider the government involved. Please also consider the nationality of that EU Commissioner to penalize Microsoft with a pretty hefty fine the last time (Neelie Kroes, Dutch).

      1. Destroy All Monsters Silver badge

        Re: government using cloud-hosted

        It's not entrapment if the perp is already doing the deed without you egging him on.

        Something OT from the depths of time: Judge Jackson is a big fat idiot: But MS is hardly in the clear

        1. A.P. Veening Silver badge

          Entrapment

          I concede your point where it comes to legality, but I'd say that knowingly letting something go on in the knowledge you will reap the rewards later is still entrapment from a moralistic point of view. Having said that, I don't have any problem with it.

    3. Anonymous Coward
      Anonymous Coward

      re. Why on earth was a government ever using a cloud-hosted wordprocessor?

      because: CLOUD COMPUTING! SAFE & SECURE! COST EFFECTIVE! EVERYBODY DO IT! LOL!

  8. a_yank_lurker

    "Head on a pike"

    For CPHBs at Slurps having the heads on a pike would not be a fitting punishment, something much more medieval should be used as there is no punishment to'cruel or unusual' for their crimes against humanity. Seriously, the Dutch should turn pursue the maximum fines under the GPDR against Slurp as punishment.

    1. bombastic bob Silver badge
      Devil

      Re: "Head on a pike"

      how about we just fine them instead? then the CEO gets fired over it, when the board members get sick and tired of losing money.

      It's a fair bet that "the fix" will eventually become public knowledge, so that ALL of us can apply 'the fix', not just EU members.

      And THAT is what they (Micro-shaft, etc.) fear.

      1. Omgwtfbbqtime

        Re: "Head on a pike"

        Just need to make the board, personally and jointly liable for fines equal to a proportion of the company fine, so fine the company €100m and each director €10m. Fines are not normally expensable - as it encourages the board to behave legally/ethically if they have to pay for their misdemeanors personally.

        1. Charles 9

          Re: "Head on a pike"

          Or it just convinces their legal team to lawyer their way out of it. Bet you credits to milos they'll find a way to reduce the fines and liabilities, perhaps hang a threat of incompatibility in the government the future, perhaps a change of emphasis to Asia if they have to disconnect things. That's the thing with transnationals: they can play sovereignty against you, and few things are lawyer-proof.

          1. Danny 14

            Re: "Head on a pike"

            thing is, individuala can file an ICO complaint. These are taken on a case by case basis. Just because the gov settles doesnt mean john smith is covered under that breach.

  9. Doctor Syntax Silver badge

    Not wishing to exonerate MS in the slightest but don't the Dutch Government have any responsibilities in this? AFAICS it's they who required their employees to work with this. It may well be that MS did this sneakily behind their customer's back but I rather think that if it were any other employer it would be the employer who would be facing charges and taking out civil proceedings against their supplier for breach of contract, always providing that the contract said they wouldn't do such things. And if the contract was silent on such issues then the employer might even lose.

    1. Danny 14

      they do, and they have taken up the fight as part of their responsibilities. What more would you have them do? They cant drop a signed contract over this as MS wont have broken any laws until proven.

  10. Big Al 23

    Multi-million fine not likely to undo damage

    I have yet to see a multi-million Euro fine undo the privacy violations that have resulted from knowingly violating privacy law and decency. As history has shown when Microsoft or other companies reap billions in revenue annually from violating law a few million in fines is just the cost of doing business. It does not change the corporate mentality or suddenly make them ethical and law abiding. It appears that anything short of a triple annual revenue fine results in a change in business practices. That triple annual revenue should be sent to all of the people violated by Microsoft.

    1. A.P. Veening Silver badge

      Re: Multi-million fine not likely to undo damage

      I concur that a multi-million fine is unlikely to change matters, but this is going to be a multi-Billion fine.

      1. Danny 14

        Re: Multi-million fine not likely to undo damage

        yup. if it is shown to be wilful then thats 4% of takeover bracket (upto yes but that bracket was designed as punishment).

  11. Wellyboot Silver badge

    25,000 "events"

    >>>Microsoft tracks around 25,000 different types of "event"...techies are also able to add new events to be recorded<<< how many types of events are left?

    The report is worth reading.

    >>>until recently there were no central rules governing the collection of the Office telemetry data<<<

    >>data may also include the content of a query sent to search engine Bing, or the content of text you want to have translated. In that case, Microsoft may collect the sentence before and after the sentence you mark for translation, to provide a better translation.<<<

    Talking about targeted recommendations (adverts) >>>protect the monetisation of the Office product, and we accept we have to disrupt the attention of the users.<<< basically MS admitting in writing that trying to get more money out of the punters is more important than letting them use the ones they've paid for already.

    I'll refrain from expletives, they're not adequate to convey the contempt.

    1. John Smith 19 Gold badge
      WTF?

      "tracks around 25,000..types of "event"..techies are also able to add new events to be recorded."

      25 000 types.

      F88k me sideways.

      Do we need to wonder why networks are running slower than they used to in actual throughput?

      1. Anonymous Coward
        Anonymous Coward

        Re: "tracks around 25,000..types of "event"..techies are also able to add new events"

        And be aware it's not only Windows or Office. Today most developer tools offer libraries to add telemetry to applications, and not only Microsoft is abusing it. Obviously, whatever you do in a web application is easily tracked, bot more and more native applications, on mobiles or desktops, and even servers (and of course IoT), are instrumented to record and transmit telemetry. Some companies offer 'telemetry as a service' packages. We have to hope some highly visible investigations and frees will put a stop to this trend making it not legal.

  12. Black Betty

    How the effity-eff-eff does any Govt. or company permit cloudy Office?

    Strikes me that this is a security hole large enough to drive a super tanker through sideways.

    When a client has no effective control over what data is sent to an off site server, they also have no control over who might ultimately view that data. What is to stop some rogue state (ie. my own bloody minded data slurping Australia) requiring document duplication?

    Yes, you may use Office 365 offline, but from my reading, it appears that certain "features" kick in automatically/uncontrollably whenever an internet connection is present.

  13. Anonymous Coward
    Anonymous Coward

    mmmm... my spelling is pretty bad, and my hands seem to type at different speeds.

    Microsoft can you sent me my documents that I’ve accidentally deleted.

    Thanks in advance.

    P.S. If you’d grammar check them first, I’d appreciate it.

  14. herman

    The standard solution with all things MS is a packet filter firewall on OpenBSD, but why bother with MS junkware in the first place? The alternatives are so much better and Free.

  15. Adair Silver badge

    You paid

    ... good money for this computer. Now, keep paying the Danegeld, and give thanks to Microsoft for each day that you are permitted to use the computer.

    [just posted on another thread, but it seems apropos here as well]

    1. DJV Silver badge

      Re: You paid

      Glad you added the final paragraph - I thought I was having a deja vu moment!

  16. The Boojum
    Joke

    But you don't understand...

    The telemetry is just MacroShaft being helpful. It saves the beta-test community (i.e. everyone) from having to manually submit manual bug reports.

    1. Anonymous Coward
      Anonymous Coward

      Re: But you don't understand...

      I'm afraid your sarcasm fell on dead ears, which is a shame. But then, what do you expect, it's only pre-post-brexit-weekend Monday ;)

  17. mark l 2 Silver badge

    Microsoft wouldn't get away with it if a few big licensees (such as governments and big corps) told them, remove your telemetry or we will walk. But by continuing to pay ever year for licenses for Windows and Office rather than taking their money elsewhere MS know they can continue to get away with it.

    1. A.P. Veening Silver badge

      Getting away with it

      But those government will claw back those license fees with usurious interest, calling it fines.

      1. Charles 9

        Re: Getting away with it

        Not necessarily. Their lawyers will have to content with Microsoft's lawyers, and which do you think are better paid?

        1. Anonymous Coward
          Anonymous Coward

          Re: Getting away with it

          Lawyers can only win if the law is in their favour, no matter how much they are paid. Governments set the law.

          1. Charles 9

            Re: Getting away with it

            And who do you think runs the governments...or has the know-how to "grease the wheels"?

        2. Doctor Syntax Silver badge

          Re: Getting away with it

          "which do you think are better paid?"

          I spent a lot of time in courts early in my career. I never heard a judge asking each side how much they paid their lawyers and deciding the case on that. Given that these cases will be heard in the EU they will be out of range of the finest government money can buy. Sad to think that from next March we'll not have that protection in the UK; that's what happens when you have a Home Sec resident in No 10.

          Following the line of Home Secs, what does the panel think about Rudd going to DWP? Isn't that great for them? They really need someone with such technical nous running things there.

  18. Ken Moorhouse Silver badge

    It seems that this covert data gathering may be more reliable...

    ...than the arguably more important facility for users to be able to connect to resources on their LAN.

    https://www.theregister.co.uk/2018/11/16/windows_10_update/

    And I quote: Microsoft says it'll sort out the issues "in the 2019 timeframe."

    1. Anonymous Coward
      Devil

      "users to be able to connect to resources on their LAN."

      THERE ISN'T YOUR LAN - ONLY OUR CLOUD.

      Repeat until it sinks in your soul...

      (an excerpt from Nadella's thoughts....)

  19. Anonymous Coward
    Anonymous Coward

    Hey EU... See that book? Well throw it hard

    at MS.

    Those of us in IT know and have known for years that MS slurps our data and there is nowt that we can do about it.

    I fully expect a few million 'give me all the data you have on me and then delete it' requests.

    1. Doctor Syntax Silver badge

      Re: Hey EU... See that book? Well throw it hard

      "I fully expect a few million 'give me all the data you have on me and then delete it' requests."

      That's going to prove interesting as the report makes quite clear that there's no way to get the telemetry stuff back out and the only way to delete it is to cancel the user ID. Even then individual teams within Microsoft in the US could have made their own copies and there's even less means of knowing about that and getting it deleted. And then there are all the sub-processors such as CDNs.

      I can't imagine even IBM in its pomp getting away with this sort of stuff. And it's only because customers won't face up to their responsibilities and walk away.

  20. Anonymous Coward
    Anonymous Coward

    Mirosoft Teams

    Does the same thing and I've been "reassured" by our workplace security team that it doesn't slurp data hahaha

    Do I still use Microsoft Applications anymore? Only assuredly e.g. draft email/doc in Notepad++ then Copy/paste into MShite application, save and send..

    If I HAVE to

  21. anatak

    Fine the maximum amount. Use the fine to switch 90% to linux.

    Check the remaining 10%. Fine again the maximum amount. Use it to switch 90% of the remaining 10% to linux.

    Repeat till they get the message.

  22. John Tomko

    What is wrong with Europe?

    It used to be that us Americans were the ones constantly accused of forcing the rest of the world to abide by our laws, our social norms, and our cultural institutions. How is it that the GDPR and the more recent copyright reforms (specifically article 13 and article 11 measures) currently being considered by the EU any different? I am giddy with anticipation for the moment when Microsoft and Google finally decided the cost of doing business with you lunatics is too high. What are you going to do if they pull the plug and cut you off. Good luck with your open source initiatives, because that always works... or hey, maybe try to develope your own software solutions bahahhahaha. Sorry couldn't hold it together at the thought of actual innovation in a real marketplace (you know, like the USA) happening in the EU. Nigel Farage does his best to remind you (Europe) of this all the time.

    1. Sorry, you cannot reuse an old handle.

      Re: What is wrong with America?

      American corporations are in cahoot with politicians like nowhere else in the world. They benefit from an immense unfair advantage through corruption (that you insist on calling lobbying) which provides them with very tiny taxes on huge profits and therefore allowing them to grow more easily and protectionist laws (pushed internationally using political/military pressure) making it more difficult for smaller entities to enter the sector/industry, when the latter are not flat removed from competing by simply acquiring them, or other measures "in the interest of national security" to block or stifle competition. Not to mention the added benefit of shares buyback which again increases their market value and allows for even more fictional money to be used to acquire the competition. And not to mention the unfair practices like the one in this article which obviously grants them inside knowledge on competitors or on the market in general and can then be used to win international contracts or blackmail the competition in other ways.

    2. Richard 12 Silver badge

      Abide by their rules or GTFO

      That's the right of any sovereign nation.

      The EU is about 28% of the global market, roughly the same size as the USA.

      So yes, MS, Google et al are indeed free to GTFO, but only by halving their turnover.

      Good luck selling that to the shareholders.

      1. John Tomko

        Re: Abide by their rules or GTFO

        1. 28% of the total global market, but guess what, neither MS, google, or FB derive 28% of their revenue from the EU. So they can afford to tell you where to stick it.

        2. A fine of 4% of gross tips the scales to the point where it is cheaper not to have to worry about the risk of fines, so no more office for you

        3. I wouldn't expect the EU to be 28% of the global marketplace for long when you idiot's cant create or send excel files

        1. GcdJ

          Re: Abide by their rules or GTFO

          Assigning share of global profit for any of these global companies is

          very problematic. Do not treat any numbers as accurate.

    3. John Brown (no body) Silver badge

      Re: What is wrong with Europe?

      I'm not sure what the OPs point is here. As best as I can make out, he seems to be complaining that the EU laws, applicable in the EU, should not apply to US companies operating in the EU.

      He might also like to look at the impact GDPR has had in the US, where California and others are now looking seriously at implementing similar privacy rights for citizens.

      Or is he just a shill for US corporate data slurping? I thought US people were all for citizens rights and privacy?

      1. John Tomko

        Re: What is wrong with Europe?

        The point my slow witted friend is that the EU has no business trying to enforce local regulation on a global scale. Doing so is ad repugnant as what the US has been doing for years. Also, the most significant impact of the gdpr has been the revenue increases for insurance companies and lawyers. Though we shouldn't forget how great a tool it is for censorship. It is now trivial to remove factual information from the net under the guise of RTBF or potential GDPR violations. I would link to several examples but the techdirt.com links keep getting my comments flagged.

        1. Anonymous Coward
          Anonymous Coward

          "EU has no business trying to enforce local regulation on a global scale"

          EU is only enforcing local regulation to its citizens and residents. It really doesn't care about what happens to US citizen if they not happen to be EU residents, or Chinese or Russian or whatever.

          Unlike US which with its CLOUD Act is seeking access to data of foreign citizens stored abroad...

          Evidently, if you want to sell your product and service to EU citizens, or within EU. you have to abide to "local regulations". Of course you can decide not to sell them - sure, you can decided to get out from EU - and lose billions of sales and take a big hit on shares value - you just need to explain it to your shareholders....

        2. John Brown (no body) Silver badge

          Re: What is wrong with Europe?

          "The point my slow witted friend is that the EU has no business trying to enforce local regulation on a global scale. Doing so is ad repugnant as what the US has been doing for years. "

          The EU, with GDPR is not exporting local regulation on a global scale. GDPR only applies inside the EU. Part of the regulation is that personal data may not be exported unless it's properly protected as per the GDPR. Any multi-national that feels it can't comply with the export regulations is free to collect and process that data WITHIN the EU. They can do what they like outside the EU with non-EU data. No one is forcing them to follow GDPR outside the EU. They have a choice.

  23. Anonymous Coward
    Windows

    What are they smoking?

    Can you imagine these cloggy pen-pushers trying to get a job in the real world? Oh, my sides!

  24. Anonymous Coward
    Anonymous Coward

    Mise à jour de nos conditions d'utilisation

    Is this why I just got an email in French claiming to come from Microsoft? I'm guessing they've seen me logging in to Skype in the EU and figured it was the best language to use.

    Not written off it being a scam though.

  25. sitta_europea Silver badge

    "We welcome ... diagnostic data ..."

    Yeah, right.

  26. Anonymous Coward
    Anonymous Coward

    Office365 and Children

    Under GDPR there are special provisions for the protection of children's data and consent has to be obtained from parents. Given that most secondary and college schools have been using Office365 for the last couple of years.

    This would make the material breach of GDPR even more severe. Given that this information is now known, education organisations need to address this breach of information by

    a) requesting from Microsoft under GDPR what information was collected for each student and informing the parents

    b) Upon request of the parents making an request for the deletion of all personal data held by Microsoft or third parties which may have been sold the data (that would be a separate breach)

    c) and look for an alternative supplier which is not in breach of GDPR

    Then a class action for damages can be launched for the loss of privacy

  27. localzuk Silver badge

    Not at all surprising

    Looking at data usage on our firewall/filtering device, Microsoft's servers now top the chart for data usage every day - more so than Youtube even (we're a group of schools).

    Windows 10, Office 365, etc... are incredibly noisy with their data usage. You just have to look at the massive number of IP address ranges and domains they recommend unblocking when you use Office 365 to realise how much data usage there will be.

    1. rmason

      Re: Not at all surprising

      @LocalzUK it can make geoblocking on firewalls etc a pain too.

      We had a very security conscious customer with a sophos X type FW. It offers geoblocking based on a country by country basis.

      "everything off apart from countries we do business with" was the cry. The reality was DOZENS of countries needing to be unblocked or you'd get periodical, random failures of MS office Products and an email from the sophos unit saying it was a blocked country.

  28. Anonymous Coward
    Anonymous Coward

    Wrong approach

    The Dutch authorities are working with the corporation to fix the situation, and are using the threat of a fine as a stick to make it happen.

    That's entirely the wrong approach to take.

    Step 1) Big fines now. Make sure MS and others know they can't keep flouting the laws and then expecting governments to bribe them to fix it later. Make breaking the law hurt, like it does for the rest of us.

    Step 2) Continuing painful fines until it is fixed. Arrest warrants for relevant executives should they take too long to fix (eg "not fixed after 48 hours"). Also, make the warrants remain until the issue is fixed even if the exec retires from the company. If, for some reason the exec needs to travel for some meeting, let them travel but on strict conditions and with 24/7 chaperones (who have the power to arrest them) that the execs themselves have to pay for. The chaperones can stay outside of meeting rooms so long as they can confirm before hand that all possible exits are covered.

    Step 3) IF and when the issue is decently fixed, end all sanctions.

    For too long these types have been able to get away with massive crimes without punishment.

    1. Charles 9

      Re: Wrong approach

      You'll also have to make them lawyer-proof and make sure you don't trigger retaliatory actions (tit-for-tats).

      1. Anonymous Coward
        Anonymous Coward

        Re: Wrong approach

        Lad, when you grow up some you'll realise that no matter how expensive a lawyer is, once a law is clear that's it.

        As another poster here said, judges don't ask lawyers for proof of income.

        1. Charles 9

          Re: Wrong approach

          "...once a law is clear that's it."

          That's the problem. With lawyers, it's NEVER that clear. Laws can be changed, reinterpreted. Even judicial precedent can be challenged in future.

          Put it this way. I'll believe it when the courts can make the Hugh Jass fine final and binding with criminal culpability attached for good measure.

  29. martinusher Silver badge

    Isn't that what "The Cloud" is all about?

    If you work with Office365 then you are effectively working with a web application that's based in the cloud. There might be local storage at a company but its effectively just cached data.

    I'm quite sure that the people who designed these products never intended for customer's data to be visible to the company, they just want to provide users with a useful product while incidentally locking them into their subscription business model. The fact that the traffic to their servers, even if encrypted, could give Microsoft an insight into a customer's business isn't central to Office but it could very well become so if there was a business case (or a government warrant) to do so. I'm just surprised that the EU's GDPR wasn't written with cloud applications in mind, it seems to be stuck in the era of floppies and PCs.

    Personally, I regard cloud based applications with a lot of suspicion. Its not privacy that's uppermost but rather the idea that they assume a reliable, high speed, low latency network infrastructure -- there's just too many points where the system can fail leading you in the lurch, unable to do anything.

    (I also don't get this penchant for shaking down - fining -- large corporations huge sums of money. If you allow your government to get into extortion on a large scale don't complain when they realize that it can be used effectively on a smaller scale. OK. Microsoft is big and bad, I'm no fan of that company and its products, but just turning a blind eye to this because 'they deserve it' or 'they can afford it' really isn't a good idea.)

    1. Anonymous Coward
      Anonymous Coward

      Re: Isn't that what "The Cloud" is all about?

      "they just want to provide users with a useful product while incidentally locking them into their subscription business model."

      Actually I think it's more likely to be "locking them into their subscription business model while incidentally providing users with a useful product."

    2. Anonymous Coward
      Anonymous Coward

      Re: Isn't that what "The Cloud" is all about?

      I'm quite sure that the people who designed these products never intended for customer's data to be visible to the company, they just want to provide users with a useful product while incidentally locking them into their subscription business model.

      Long ago, when MS took over Hotmail, I had a look at the T&Cs. It was quite clearly written in there that MS considered themselves to own the copyright and any other rights to all material that went through HM's servers. IIRC it's where I first saw the importance of being aware of what these things say before you hand over your valuable (or not) data.

      Stuff like this very strongly suggests all along that the intention was for the information to be fully visible and utilised by MS, otherwise why make it even remotely possible for such information to be accessed, and why make the irrelevant information get stored rather than deleted after use? I can understand a translation service using more than just the sentence in question to get a better idea of the context of the topic, but the moment the translated text is returned the lot should be removed from the servers. After that point there is no ethical reason to keep it.

      It's not that hard to code stuff from an intention of being rid of unwanted information and only keeping what is absolutely necessary, and it's fairly easy to code with a view of "destroy by default" and only add in stuff as it becomes clear it's needed. MS has no excuse in this.

      Personally, I regard cloud based applications with a lot of suspicion.

      A good way to go. With the likes of Nextcloud you can do a lot of that on your own, with some inspection of the code (and plugins). Always keep your own copies of the data, and give careful consideration to stuff involving other's privacy. (how does GDPR get around off-site backups and the like?)

      (I also don't get this penchant for shaking down - fining -- ... I'm no fan of that company and its products, but just turning a blind eye to this because 'they deserve it' or 'they can afford it' really isn't a good idea.)

      Make the penalty for a crime low, and crime can flourish. This is seen often, just look at the amount of traffic violations such as using phones while driving. Sometimes for a law to be effective the punishment has to hurt. Used to be around these parts that rich people would speed with impunity because they could afford the fines. Then the demerit points system was brought in, and now while they can afford the fines they will eventually lose their license if they get caught too often.

      MS and other large corps can often easily afford the fines in many of these laws. It's been claimed that various companies will continue breaking the law and paying daily fines that're worth millions if the behaviour is worth 10s of millions. So make the punishments effective.

  30. GcdJ

    So much for Microsoft applying GDPR globally

    When GDPR was being implemented it was refreshing to hear that Microsoft would implement GDPR compliant policies globally. This is quite a unique position compared to the other US tech giants.

    Alas, I guess that was just PR optics and Microsoft will just do whatever they like wherever they like.

  31. Anonymous Coward
    Anonymous Coward

    GDPR BDSM

    If you can't beat 'em, then errr, beat 'em.

  32. Potemkine! Silver badge

    In a statement, a Microsoft spokesperson told us: "We are committed to our customers’ privacy, putting them in control of their data and ensuring that Office ProPlus and other Microsoft products and services comply with GDPR and other applicable laws.

    I wonder how the people working in PR are able to look at them in a mirror without puking? Ablation of moral conscience probably helps.

  33. RyokuMas
    FAIL

    Oh dear...

    Oh, Microsoft...

    You had such an opportunity.

    You could have tested Windows 10 to death, possibly even set up a "revert to Win7" theme (for the UGLY FLATSO haters), and above all, focused on security and privacy, and limited telemetry to crash reporting at the absolute most... with Google and Facebook increasingly coming into question about how they use the data they gather, you did have a shot at re-inventing yourselves to all but the like of those who are still stuck in the browser wars...

    ... but no. You had to try and do the same damn thing as Google and Facebook. And you had to do it badly. Is it that you just can't stand someone else being the villains or something???

  34. Anonymous Coward
    Anonymous Coward

    may put Microsoft on the hook for potentially tens of millions of dollars in fines

    10 years later, after a 100M Euro court case: a fine (maybe)

  35. James12345

    Lawful basis - contract

    https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/

    Microsoft will probably have a contract with the Dutch Gov that gives them the right to collect the data.

    As far as the report goes, there has been no breach, so no reason for the Dutch Info Commission to get involved with Microsoft.

    The Dutch government, however, may be breaking GDPR by sending data to Microsoft without its worker's consent. Dutch GDP - 826.2 billion USD - now that is quite some fine they can impose on themselves...

  36. adam payne

    In a statement, a Microsoft spokesperson told us: "We are committed to our customers’ privacy, putting them in control of their data and ensuring that Office ProPlus and other Microsoft products and services comply with GDPR and other applicable laws.

    Caught for snooping and you that statement?!?!

    You might as well have released "We are committed to privacy, blah, blah, blah, yeah bored now"

  37. icetimo

    I believe the Office telemetry is sent via a scheduled task, so you can always disable this.

    Still, MS should have an option within Office to disable this and be clear what data it's sending.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like