Schools in Hesse, Germany will stop using Microsoft Office 365 because of a cyber-security risk which could lead to violation of the General Data Protection Regulation (GDPR).

According to reports, problems first started to arise when Microsoft took the decision to shut down its data centre in Germany in August 2018. The move increased users’ data vulnerability against unauthorised access from US authorities.

Windows 10 can collect huge swathes of data regarding user habits when interacting with products and services, according to the owner’s privacy settings.

Information harvested can included email subject lines, plus any phrases that are translated through Microsoft’s translate software. As detailed by ZDNet, if data settings are clicked to “Enhanced” then Windows 10 can also gather elements of your system’s memory should a crash take place. Such a collection would also pick up sensitive data.

Commenting on the revelations, a Microsoft spokesperson said that the company had noted the security fears, and highlighted the choices that administrators already possess regarding limiting the quantity of data that is submitted to Microsoft through Office 365 running on a work or school network.

The spokesperson underlined Microsoft’s recent introduction of new security features designed to offer enhanced control over user data, before mentioning how the firm has successfully taken the US government to court for accessing user data in the Eurozone.

The spokesperson said:

“We’re thankful the Commissioner raised these concerns and we look forward to engaging further with the Commissioner on its questions and concerns related to Microsoft’s offerings.”

Microsoft has previously tried to allay fears about data collection through last year’s Windows Diagnostic Data Viewer. But from latest reports it seems more will need to be done by the corporation if it is to satisfy DPOs in Germany who are just searching for peace of mind regarding how the firm processes its data.

The DPO in Hesse has described how the region’s schools cannot rely on cloud solutions in a way that satisfies the standards of the GDPR. Until compliance can be guaranteed through the cloud, schools will have to fall back on locally-stored software, such as Microsoft’s non-cloud 2019.