Microsoft is facing two complaints from the European Center for Digital Rights (NOYB) regarding the company’s handling of children’s privacy rights in the EU. The complaints were filed earlier this month and accuse Microsoft of violating children’s privacy rights through its Microsoft 365 Education suite. The organization claims that Microsoft is not transparent about how it processes data within the suite and that it shifts responsibility for data protection onto schools, which are not equipped to handle such responsibilities.
NOYB argues that Microsoft’s approach is in violation of the EU’s General Data Protection Regulation (GDPR) and that the company is not providing adequate information to users about how their data is being processed. The organization is calling for an investigation into Microsoft’s practices and is seeking a fine or warning against the company if it is found to have violated the GDPR. Microsoft has responded to the complaints, stating that its 365 Education suite complies with GDPR and other applicable privacy laws and that it thoroughly protects the privacy of its young users.
The first complaint filed by NOYB centers around a father in Vienna who requested data from Microsoft last August regarding how the company was processing his daughter’s personal information within Microsoft 365 Education products and services. Microsoft responded by directing the father to his child’s school, which the company claimed was responsible for the data. However, the school told the father that the only personal data it processed was the email address in Microsoft 365 Education.