Microsoft Office Secretly Collects Email Data, Europe Regulator Rules

Microsoft Office, one of the most popular office suites, is reported to breach the EU's General Data Protection Regulation (GDPR) for the storage of sensitive categories of metadata and data and keeping them beyond the time needed.

Dutch government stated that they had found huge scale of users data through Office, which Microsoft had collected but their users was uninformed the whole time.

The company explained that they collected those data for security and functional purposes only. However, the report revealed that the tech giant also collects data including subject lines from emails and content snippets.

Microsoft had sent this data from Europe to their US-based data centers. However, the company had then moved back that data back to the data centers in Europe as they wanted to show that they were in compliance with the data laws GDPR, which just released early 2018.

GDPR - new data protection and privacy law of Europe which was implemented on 25 May 2018

The company that did the investigation, Privacy Company, said that the tech giant engaged in a huge scale and covert processing of data.

The Ministry of Justice said in the report that this users’ data from Microsoft Office and Windows 10 Enterprise was being stored in US-based data centers could pose major risk to privacy of users.

Under EU's General Data Protection Regulation, a company may be fined if it gathers unnecessary data of users or for data breaches.

In October, Microsoft, said on the report, agreed to undertake a plan to improve its services.

The Dutch government worried that their data also was a part of the data the company had been gathered, including 300,000 employees in the Dutch government who was using Microsoft products.

And if the tech giant failed to make any progress on the data processing, the data regulator may consider enforcement measures.