Author: Simon Hobson Date: To: dng Subject: Re: [DNG] Privacy and large public, yet privately owned,
service providers (was: Re: Zoom?)
Martin Steigerwald <martin@???> wrote:
> Unfortunately we have Office 365 at work.
As do we - but I do know that our infrastructure is all on-premises for security reasons, and my employer is big enough to put the resources into running it properly.
It's been a marvellous play by MS - cobbling together a few disparate products and making them "just good enough" for corporates to not reject them, while providing the "integration" (which really means vendor lock in and competitor exclusion) to make it an easy sell to the IT people who need to make it run. I say "cobble together" and "just good enough" because that's just what it fells like having been using Macs for the last <cough> decades and now having to use Windoze. Little things like Outlook, despite having been part of "the package" for a long time still has completely different keyboard shortcuts to the other programs - Apple went all out for consistency back in 1984, Microsoft don't seem to have heard of it.
Luckily we're still on W7 so not a completely alien landscape - but we're due to go to W10 in the not too distant future.
> And there are several data / privacy protection officials who say it is legally impossible to use Microsoft Teams and Co in Germany.
It is. It is not possible to use O365 and comply with GDPR - it just hasn't been blown out of the water in court yet.
I know that at a previous employer (small It services business), "we" (doesn't include me) were busy switching users from our in-house mail to O365 - and stating quite clearly that it's all OK as you can select to store you data in an EU datacentre and the contract is with Microsoft Ireland. The business between Microsoft and the FBI, and their actions as soon as the CLOUD act was passed prove that Microsoft in the US has access to data held in datacentres in Ireland and supposedly only accessible to Microsoft Ireland. If is the separation was as claimed, all the access to data is controlled by systems under US control.
Of course, small business don't have the resources to look into this sort of thing - they rely on what their suppliers tell them, even if it's a pack of half-truths.
> And then Max Schrems and his team at noyb.eu convinced the highest
> European court to finally kick Privacy Shield.
Yes, it will be interesting to see what sort of kludge they come up with next - there's a lot riding on not killing trans-Atlantic data traffic.
Don't forget that Privacy Sh^H^HFig Leaf was a kludge to allow business as usual when Safe harbour was blown out of the water. Everyone could see it would also be blown away, but there is too much riding on business as usual to allow such details as fundamental incompatibility between the two sets of law to get in the way.