It is not clear from the article if Microsoft actually uses any of the information they collect for other purposes than what is described in the article. For example, could Microsoft use any of the images that are in one of my documents that get uploaded? Or does any people at Microsoft actually read or use any of the data that is sent? A lot of our documents include sensitive data and would violate various company policies if any unauthorized persons access some of this sensitive data, albiet the current documentation about Connected Experiences in Office would not violate any company policies and seems that it would be useful to keep enabled.
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
I have the same consern. Also, GDPR requires that the content and purpose of all data transfers of personally identifiable information is documented and justified. So, I guess I would have to document this in order to keep processing Excel files that contain email addresses or other PII.
Yes Jaripartti, GDPR is one of our such worries! We have many others when we're dealing with thirty party companies that have outsourced to us. We need to know soon if we're going to keep this enabled for security reasons or not.
Off topic, albiet related, I wrote a special script in PowerShell to remove many Microsoft built-in services and applications that had telementry or was stuff not allowed on the corporate owned workstation, such as videos games. I thought for an E3 subscription, these would have been much easier to remove. I have not tested the script yet, so I do not know how well it works. Perhaps it will error out.
The GDPR is a serious concern / issue for European parties; it would be great if Microsoft were to reply tot the issues addressed above.
Any news on this? This information is very much needed.
When MS started their "revamped, cutting-edge" documentation system, I was actually surprised at the rapidity of responses, thoroughness of replies and courtesy of staff. However, since the launch, things have just gone down hill. Here is an EXTREMELY IMPORTANT (legally, ethically, morally, financially/fiduciary [e.g. lawsuits for misuse of data] and, possibly DECEPTIVE). The last point is the one that non-responses give one the impression of a lack of genuine concern, should one exist at all, for Microsoft's employers - US, the subscribers. When you mandate data collection to the degree you are speaking of here (images, text, etc.) it almost leaves my corporations with no choice but to abandon Microsoft in favor of the open-source alternatives where no ambiguity exists in what is and what is not collected; and, more importantly, what is done with the information.
So, here are my queries:
What is the rationale behind the need to collect samples of the text users are writing in emails, documents, spreadsheets, etc. besides to possibly enhance spell/grammar check and intelligent predictions? Apple is doing this on iPhone hardware now - for instance, all voice processing is now done locally versus being uploaded to Apple servers. I don't think MS would ever go for that because it would give up a vital part of their analytics campaign (which epic failed with Bing).
WHY can you not opt out, 100%? Why is it on by default? Why do there not exist any simple methods (short of blocking connections to the servers collecting said data ... by means of enterprise class next-generation Firewalls and Intrusion Protection Systems (NGIPS) such as the ASA5525-x with Firepower that I use at home. I see the raw material sent to MS and it is revolting. Kernel dumps of the entire contents of the page file and RAM - you could pull everything the person was doing on their computer at a point in time with this shi*.
When will you learn that customers are not going to put up with this forever? Personally, I think it's going to take a (literal) act of Congress (similar to the $5B judgement against Facebook) to force this crap to stop.
Please, answer our questions. If you are going to ignore them, please get rid of your "interactive" documentation site. What's the point when you don't actively engage a customer with genuine concerns.
This is a lot bigger deal than most realize. What about doctors such as myself? I'm an anesthesiologist, fortunately I typically use my Mac for transcriptions and EPRs but, what about when I'm using a Windows box? How about HIPPA, is MS going to take responsibility if data collected is hacked and leaked and confidential patient information is released to the world? It's only a matter of time - you know that and I know that.
So, please, sincerely, help us out here.
Thank you in advance.
Most helpful comment
I have the same consern. Also, GDPR requires that the content and purpose of all data transfers of personally identifiable information is documented and justified. So, I guess I would have to document this in order to keep processing Excel files that contain email addresses or other PII.