Germany says nein danke to Microsoft

Microsoft has a history of attempting to give Microsoft das boot (yes, I know boots in German is stiefel, but work with me here...)

Around 14 years ago, the municipal government in Munich decided that they'd had enough with Microsoft Office and Windows, opting to switch over to Linux and OpenOffice, instead. The switch had a whole lotta kinks in it, but they worked it out. Earlier this year, Germany's federal association of municipal IT service providers (Vitako), raised concerns that the use of Office 365 by municipal council employees could lead to the private information of German citizens being leaked to Gott knows who. The latest blow—Microsoft's products are no longer welcomed in classrooms across Germany.

From Ars Technica:

This time around, the Hessian Commissioner for Data Protection and Freedom of Information (HBDI) isn't just saying that schools would prefer not to use Microsoft, he's stating that their use of Office 365 is outright illegal. In August 2017, the HBDI ruled that Office 365 could legally be used by schools so long as the back end for the school accounts was stored in Microsoft's German-located cloud. A year later, Microsoft closed its German cloud datacenter, and schools migrated their accounts to the European cloud. Now, the HBDI states that the European cloud may offer access to US authorities; with no way for the German government to monitor such access; this makes use of that cloud illegal without specific consent being granted by its individual users.

In addition to the physical geography of the cloud, the HBDI is unhappy about telemetry in both Office 365 and Windows 10 itself. Neither can be disabled by end-users or organizations, and the content of both remains undisclosed by Microsoft despite repeated inquiries. According to the HBDI, the only legal way around the murky provenance of the telemetry—and possible US state access to users' data—is by asking consent of the individual users. This means that the schools themselves cannot consent on behalf of students, and neither can their parents, according to the HBDI. (Article 8 of the European Union GDPR makes provision for obtaining parental consent for information services to children less than 16 years of age, but its paragraph three specifically states that this doesn't invalidate contract law of its member states.)

That said, ze Germans are giving Microsoft a little wiggle room to sort their shit out. If the company can bring its products into line with German law, complying with what the HBDI says is cool for Deutschland schools, they'd be willing to revisit the matter.

Image via Wikipedia