A prominent Austrian advocacy group is urging the country’s data protection authority to take a closer look at how Microsoft is protecting children’s personal information, arguing the tech giant is unfairly trying to “shift” its responsibility under European Union privacy law to the schools that use its educational software and is secretly tracking minors’ online activities.
In a pair of complaints filed with Austria’s privacy regulator Tuesday, advocacy group NOYB accuses Microsoft of trying to “dodge” its transparency and accountability obligations under the EU’s General Data Protection Regulation by “contractually dumping” most of its legal responsibilities on schools that provide Microsoft 365 Education services to their students and by keeping tabs on these users without consent.
While Microsoft insists the schools are the ultimate “data controllers” and are primarily responsible for ensuring their students are able to exercise their rights under the data privacy law while using educational technology, the advocacy group contends these schools “have no realistic way of complying” with these obligations, including responding to students’ requests to access their data, because Microsoft maintains control over the systems and information contained within them.
