Microsoft's new Office 365 terms: 'We won't use your data for advertising or profiling'

Microsoft's new Office 365 terms: 'We won't use your data for advertising or profiling' 1

Microsoft has rolled out a new version of its Online Services Terms in response to gripes raised by the Dutch Ministry of Justice over telemetry data that Microsoft collected from Office 365 Plus and Office 365 users. 

The Dutch MoJ accused Microsoft of violating the EU’s General Data Protection Regulation (GDPR), triggering an investigation by the European Data Protection Supervisor (EDPS), which said it had “serious concerns” with Microsoft’s contracts.  

Microsoft announced in November it would update its cloud contracts globally for enterprise and smaller business customers to account for changes demanded by EDPS and the Dutch MoJ. 

Customers are now free to wade through two Microsoft terms documents: the 159-page Microsoft Volume Licensing Product Terms; and the 40-page Microsoft Online Services Terms (OST). Microsoft provides a link to the documents in a new blogpost. 

The new OST incorporate contractual changes Microsoft developed with the Dutch MoJ, said Julie Brill, Microsoft’s chief privacy officer and corporate vice president for global privacy and regulatory affairs, in November.

Microsoft outlines several changes to the OST under its “clarifications and summary of changes” in the new document. There are no significant changes listed in the Product Terms document.  

According to Microsoft, data-protection terms, standard contractual clauses, and EU GDPR details have been removed from the OST document. These now live in a separate document called the Online Services Data Protection Addendum (DPA), which is available online.

“The OST/DPA update replaces the previous OST language authorizing Microsoft to process Customer Data ‘only to provide Customer the Online Services including purposes compatible with providing those services’ with more specific instructions and limitations,” Microsoft says in the new OST. 

One of the key changes to the OST update is that it doesn’t authorize Microsoft to process customer or personal data for the purpose of “profiling, advertising or similar commercial purposes, or market research” unless the customer explicitly allows it. 

The four “high-level” changes that Microsoft notes are that the document: 

  • Allows Microsoft to process Customer Data and Personal Data as a processor for three authorized purposes: delivering the services, troubleshooting, and ongoing improvement.
  • Excludes processing of Customer Data and Personal Data for the purpose of profiling, advertising or similar commercial purposes, or market research unless it is done in accordance with documented instructions from the customer. 
  • Clarifies that Microsoft has the responsibilities of a data controller if it processes Customer Data and Personal Data for certain additional listed “legitimate business operations,” with specific limitations. 
  • Adds clarity and additional details based on customer feedback (eg, around how Customers can engage with Microsoft to audit Microsoft’s data processing pursuant to the GDPR). 

At the time of announcing the OST changes, Brill said Microsoft “will increase our data protection responsibilities for a subset of processing that Microsoft engages in when we provide enterprise services”. 

The OST update would “clarify that Microsoft assumes the role of data controller when we process data for specified administrative and operational purposes incident to providing the cloud services covered by this contractual framework, such as Azure, Office 365, Dynamics and Intune”. 

“This subset of data processing serves administrative or operational purposes such as account management; financial reporting; combating cyberattacks on any Microsoft product or service; and complying with our legal obligations,” she added. 

The Online Services Terms DPA covers ownership issues related to processed data, processing personal data under GDPR rules, breach notifications, legal issues around transferring data between countries, data retention, disclosure and compliance with law-enforcement requests for data, HIPAA regulations, and the new California Consumer Privacy Act (CCPA). Microsoft is applying CCPA rules to all US users. 

For law-enforcement requests to data stored on Microsoft servers, the company promises not to disclose processed data unless required by law. 

“If law enforcement contacts Microsoft with a demand for Processed Data, Microsoft will attempt to redirect the law-enforcement agency to request that data directly from Customer. If compelled to disclose Processed Data to law enforcement, Microsoft will promptly notify Customer and provide a copy of the demand unless legally prohibited from doing so,” Microsoft states. 

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews

Crypto Scams

Beanstalk Farms Loses $80M In A Massive DeFi Governance Flash-Loan Hack
Beanstalk Farms Loses $80M In A Massive DeFi Governance Flash-Loan Hack
April 23, 2022
Joon Pak Head of Crypto at Prove talks to Us about Crypto Fraud And More
April 11, 2022
Mintable CEO Zach Burks Talks to Us about the Opensea Stolen NFTs and Their Recovery
March 21, 2022
Crypto Crime
Crypto Crime Surges To Record Highs As Thieves Follow Market Buzz – Chainalysis 2022 Report
February 24, 2022
Bots Circumvent 2FA Login At Coinbase And Other Crypto Exchanges In 2022
Bots Have Circumvented 2FA Logins At Coinbase And Other Crypto Exchanges In 2022
February 17, 2022

Automated trading with HaasBot Crypto Trading Bots

Blockchain/Cryptocurrency Questions and Answers

Roundtable Interview-What is the Effect of The Russia-Ukraine War on Cryptocurrency Prices?
March 4, 2022
How Does Bitcoin Casino Work + 2021 Beginner’s Guide
November 8, 2021
How to Buy and Sell Cryptocurrency
November 8, 2021
What Are Bitcoin Futures And How Will They Work In 2022?
November 4, 2021
The Unconventional Guide to Ethereum
October 28, 2021

CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin29,830 0.14 % 1.49 % 2.20 %
Ethereum1,986.0 0.23 % 0.15 % 5.21 %
Tether1.000 0.03 % 0.06 % 0.02 %
BNB332.39 0.50 % 1.99 % 8.43 %
USD Coin0.9989 0.16 % 0.08 % 0.04 %
XRP0.4090 0.27 % 0.03 % 6.86 %
Binance USD1.002 0.23 % 0.09 % 0.01 %
Cardano0.9566 0.22 % 0.68 % 6.96 %
Solana49.29 0.71 % 0.77 % 14.16 %
Polkadot10.02 0.62 % 0.60 % 9.36 %

Bitcoin (BTC) $ 29,772.00
Ethereum (ETH) $ 1,984.10
Tether (USDT) $ 1.00
BNB (BNB) $ 331.73
USD Coin (USDC) $ 1.00
XRP (XRP) $ 0.40856
Binance USD (BUSD) $ 1.00
Cardano (ADA) $ 0.519991
Solana (SOL) $ 49.01
Polkadot (DOT) $ 10.01