Big Brother wants your data
On gewerkschaftsforum.de, Sophia Fielhauer and Christian Resei discuss how to curb Microsoft's data collection practices for colleagues and regulate them through works councils. They conclude that this has become much more difficult than it was in the days of "normal" Office packages.
In the past, the company purchased a software package and had to reach an agreement with the works council on its use. This agreement specified which tasks were to be performed with the software, which data could be collected and stored by the software about employees, and how this data could be evaluated.
Everything has changed since Office 365
Developed from Microsoft Office, Microsoft 365 now includes not only classic programs such as Word, Excel, Outlook, and PowerPoint, but also Teams, Planner, OneDrive, and various security apps under the name "Purview" – in short, an unmanageable number of apps. Around 400 million subscribers use Microsoft 365 worldwide.
Working online constantly generates a range of behavioral and performance data. However, using this data to evaluate who turned on their laptop after 9 a.m. last month in order to monitor punctuality or work performance should be a no-go. Any performance and behavioral monitoring must be regulated or prohibited in company agreements.
The Microsoft Forms app, for example, helps create online surveys. The authors write: "But there is a big difference between whether the topic is the next company outing or my boss's leadership skills, and whether the survey is factual or judgmental," explains Thomas Riesenecker, a business IT specialist at the Research and Consulting Center for the Working World (FORBA).
Easy to say – difficult to implement
A first step toward a company agreement would be to specify which software is used for which purpose. But Microsoft can simply change the app, disable functions, or add new ones. Neither the company nor the employees can influence this process: "A special feature of cloud technology is that many people don't know what the product will look like next week," says Riesenecker.
But companies should also ask themselves whether they can live with such a confusing array of programs...
And then there's AI
Microsoft 365 programs have also been relying on artificial intelligence for some time. "ChatGPT technology is now being used in Microsoft 365 Copilot. By linking to various Microsoft 365 apps, Copilot is designed to help increase creativity and productivity and complete tasks faster and more efficiently."
What does this look like in practice? The authors cite a very negative example in the article: anyone who uses the Outlook email program from Microsoft 365, for example, may wonder where the good reply suggestions to emails come from—here, too, a machine learning algorithm, i.e., AI, is built in. And it is not always neutral. For example, the AI ensured that users searching for the Google Chrome browser mainly received responses promoting the advantages of the Microsoft search engine. When the media took a critical view of this, Microsoft responded somewhat sheepishly, saying that it was only an experiment that had already been terminated as a result of the negative feedback.
Even though this was already a prime example of manipulation, there are also smaller-scale examples. The performance of individual employees can be improved or worsened in any direction with the "help" of AI, without them having any influence on it. Another smaller-scale but also dangerous example is the option to evaluate online meetings, which is already included in the Teams video conferencing tool. There are logs of, among other things, the duration of speeches – this allows participants to be evaluated at any time.
For the works councils involved, the Microsoft 365 regulation can easily become a permanent task. Companies should also bear this in mind if they only see it as a cheap and comprehensive offer.
What should be included in a works agreement?
- Storage periods,
- purpose limitation,
- an impact assessment, training for employees to explain what happens in the background of
- Microsoft 365,
- what data may be collected and stored,
- what data use is excluded.
Unfortunately, this is where we come up against the EU limits of the GDPR. Which data is transferred to the US and how it is used has already been the subject of many ECJ rulings on the now invalid Safe Harbor, Privacy Shield, and other agreements.
That is why the Conference of Independent Data Protection Authorities in Germany agrees that Microsoft 365 violates the European General Data Protection Regulation. In some federal states, the use of MS365 is also prohibited in schools. An example: Officially, the company only collects data to optimize the so-called user experience. However, it does not always ask for the permission required by law. The first version of Word's spell checker, for example, was simply tracked in the US without users' consent.
Our suggestion: Every company could save a lot of money by using the open source package Libre Office free of charge. This would even make them more EU-compliant, because it generates and uses .odt files as the default exchange format, as standardized in Europe. And it's certainly easy to find a video conferencing tool that complies with data protection regulations, such as Jitsi or BigBlueButton or ...
Read more https://gewerkschaftsforum.de/microsoft-365-big-brother-nach-programm/#more-17244
Category[32]: Datenverluste Short-Link to this page: a-fsa.de/e/3vo
Link to this page: https://www.a-fsa.de/de/articles/8475-20230730-gefahren-bei-microsoft365.htm
Link with Tor: http://a6pdp5vmmw4zm5tifrc3qo2pyz7mvnk4zzimpesnckvzinubzmioddad.onion/de/articles/8475-20230730-gefahren-bei-microsoft365.htm
Tags: #BigBrother #Gefahren #Microsoft365 #Teams #Lauschangriff #Überwachung #Videoüberwachung #Verbraucherdatenschutz #Datenschutz #Datensicherheit #Ergonomie #Datenpannen #Datenskandale #PrivacyShield #SafeHarbor #USA #Big5 #Gewerkschaft #Betriebsvereinbarung #Apps #Online #Veränderungen #Verlust
Created: 2023-07-30 07:28:46
Kommentar abgeben
