Since 16 October, users of Office 365 in Germany have had an additional data protection query in Office 365 Pro Plus, Office Online and Office Mobile Apps including Microsoft teams.
Privacy Queries in Office 365 Pro Plus, Office WebApp, and Office Mobile Apps
Automatically and controlled by Microsoft, data protection queries have been sent to users as pop-ups for two days now when Office Online, Office 365 Pro Plus (Build 1904) and Office mobile are used for the first time.
This is a bit confusing for some users and increases the number of tickets in the internal ticket system and also the number of requests. There is also uncertainty as to whether this request can be accepted or simply closed.
Here are a few screenshots from the different variants:
Data protection query at Excel Online (German)
Data protection query at Word Online (German)
Abfrage in OneNote 2016 Desktop
Why does this query come? Backgrounds
This additional request, not initiated by your IT department, is a Microsoft action related to the criticism of telemetry and the transfer of data to third parties. This is also in connection with the criticism of the Hessian State Data Protection Commissioner.
There will also be further measures in the future to pass on the settings and configurations to users, so that not only the administrator can proceed here.
Contents of the query
Microsoft asks if you agree or disagree to the processing of the optionally connected services in Office:
optional connected services in Office
Services that are categorized as optional to the Office programs are referred to as optionally connected services and their diagnostic data (telemetry) and the processing of personal data as well. If these services do not work, one can still use the basic functions, e.g. write Word document, but no optional functions.
You should therefore consider exactly how you want to deal with these services.
These are not part of the Microsoft Online Terms, but are covered by the General Privacy Policy and the General Service Agreement. Please bear this in mind in your risk assessment and in the area of data protection.
Approval triggers approval:
Microsoft service contract: https://www.microsoft.com/servicesagreement
General data protection regulations: https://privacy.microsoft.com/
Consent to the transfer of data including personal data to and from:
- LinkedIn (Resume Wizard)
- Bing services (3D maps, map diagrams, inserting online images, inserting online 3D models,
- PowerPoint quick starters, research and intelligent lookup)
- office store
- online videos
- Microsoft Error Reporting (MERP)
- Research (Research)
- Weather bar in Outlook (Weather bar )
- Services for Microsoft feedback (feedback, help, suggest function)
Diagnostic data (telemetry)
“If you use one of the optional cloud-based services described in this article, Microsoft may collect diagnostic data (such as usage data, error data, and performance data) about the performance of the service when you use it. This diagnostic information may include “personal information” as defined in Article 4 of the European DSGVO.All diagnostic information collected by Microsoft during the use of Office 365 ProPlus applications and services is pseudonymized in accordance with ISO/IEC 19944:2017, (Section 8.3.3)”.
More Information: https://docs.microsoft.com/en-us/deployoffice/privacy/optional-connected-experiences
Make settings also after the query
Office Online using Word Online as an example
Way: Open Word Online -> New Document -> About -> Privacy Settings
It is especially interesting that this setting is also synced from Office Pro Plus to Office Online. Thus the GPO, at least for this setting, is finally adopted for Office Online as well. We have been wishing for this sync function for a long time and hopefully all data protection settings will soon be applied to Office Online and the mobile apps.
Example: After the change in Office Online a restart in Outlook Desktop will be announced:
A restart is required to enforce the privacy setting. After the restart, the check mark in Outlook has also been removed:
Path: File -> Options -> Trust Center -> Privacy options -> Privacy settings
