• Mehr als 3 Millionen Wörter Inhalt
  • |
  • info@itmedialaw.com
  • |
  • Tel: 03322 5078053
Kurzberatung
Rechtsanwalt Marian Härtel - ITMediaLaw

No products in the cart.

  • en English
  • de Deutsch
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Rechtsanwalt Marian Härtel - ITMediaLaw

Office 365 in schools illegal under data protection law

7. November 2022
in Data protection Law
Reading Time: 3 mins read
0 0
A A
0
office 1356793 1280

1. preliminary remark

For years, there has been a debate in Germany about whether schools can use Microsoft’s Office 365 software in a privacy-compliant manner. In August 2017, the Hessian Commissioner for Data Protection and Freedom of Information (HBDI) issued a statement on Microsoft’s Deutschland-Cloud as the only German supervisory authority for data protection following an extensive review. In its statement at the time, the HBDI determined that Office 365 can be used by schools in the Germany Cloud in a data protection-compliant manner, provided that the tools provided by Microsoft (e.g., role and authorization concept, logging, etc.) are applied appropriately by the schools. In August 2018, Microsoft informed the public that contracts would no longer be offered for the Germany Cloud and that sales of this product would be discontinued. Since then, the HBDI has received inquiries from a large number of teachers and school administrators, as well as school boards, regarding the use of Office 365 in the European cloud. In addition, Office 365 has been massively promoted in the school landscape by individual school boards in recent months, irrespective of the unresolved data protection issues.

2. why the cloud application of Office 365 is currently illegal

The use of cloud applications by schools is generally not a problem under data protection law. Many schools in Hesse are already using cloud solutions. Whether it’s the learning platform or the electronic class register, for example, schools can use digital applications in a way that complies with data protection requirements, provided that the security of data processing and the participation of students are guaranteed. The legal situation is different for Office 365 as a cloud solution. For years, regulators have been in discussions with Microsoft. The crucial aspect here is whether the school, as a public institution, can store personal data (of children) in a (European) cloud that is exposed to possible access by US authorities, for example. Public institutions in Germany have a special responsibility with regard to the permissibility and traceability of the processing of personal data. The digital sovereignty of state data processing must also be guaranteed. In addition, there is another problem that was brought to the public’s attention by the Federal Office for Information Security in the fall of 2018. With the use of the Windows 10 operating system, a wealth of telemetry data is transmitted to Microsoft, the contents of which have not been conclusively clarified despite repeated requests to Microsoft. Such data is also transmitted when using Office 365.

3. can school use consent to solve the problem?

Up to now, schools have been dependent on the consent of the data subjects, insofar as digital, personal data processing takes place in or through schools. Whether the consent of the data subjects justifies digital, personal data processing in certain situations can be left open. In any case, in connection with the use of Office 365 in the cloud, consent does not offer a solution because the security and traceability of the data processing procedures are not guaranteed. Therefore, the data processing is inadmissible. Attempting to achieve a cure through a declaration of consent by the parents would also not sufficiently take into account the special protection rights of children, e.g. according to Art. 8 of the General Data Protection Regulation (GDPR). Thus, with the consent of the parents, the problem is not solved.

4. What are the prospects for using Office 365?

The HBDI is aware of the needs that vocational schools in particular have for the use of office packages. That is why there is also an interest in working with Microsoft to arrive at a solution that complies with data protection requirements. However, this is not due to the HBDI or the other federal regulatory authorities, but primarily to Microsoft itself. As soon as the possible access of third parties to the data in the cloud and the issue of telemetry data in particular have been resolved in a comprehensible and data protection-compliant manner, Office 365 can be used as a cloud solution by schools. Until that time, however, school can make use of other tools such as on-premises licenses on local systems.

5. other cloud solutions from e.g. Google and Apple

What is true for Microsoft is also true for Google’s and Apple’s cloud solutions. The cloud solutions of these providers have also not been presented transparently and comprehensibly to date. Therefore, it is also true here that data protection-compliant use is currently not feasible for schools.

Marian Härtel
Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.

Tags: Data protection LawdigitalGeneral Data Protection RegulationGoogleInformationKILizenzPersonal dataPrivacyRegulationSicherheitSoftwareVerträge

Weitere spannende Blogposts

Simulated gambling does not lead to the indexing of a game

Simulated gambling does not lead to the indexing of a game
7. November 2022

The games "Coin Master," "Coin Trip" and "Coin Kingdom" are not harmful to minors within the meaning of the German...

Read moreDetails

Data protection when using cloud services

Data protection when using cloud services: what startups need to know
10. October 2024

Cloud services offer start-ups numerous advantages such as flexibility, scalability and cost efficiency. However, the use of cloud services also...

Read moreDetails

#FreedomOfTagging: Influencer and the VSW

Brief reminder: Influencer as target of warning letters
21. December 2018

Influencer marketing is currently a hot topic again. This time it concerns Instagram influencer Vanessa Blumenthal, who continues to be...

Read moreDetails

Digital employment contracts: Soon to be a reality at last

Preparing for the Digital Service Act as a business
26. August 2024

The world of work is undergoing a digital transformation - but when it comes to employment contracts, of all things,...

Read moreDetails

CEO, Managing Director, President…watch out for job titles

CEO, Managing Director, President…watch out for job titles
7. November 2022

If you comb through business portals such as LinkedIn or the imprint content of many websites, you will find numerous...

Read moreDetails

ECJ: Facebook must elicit same and similar comments?

Publication of sales advertisements and classification as a trader
7. November 2022

According to ECJ Advocate General Szpunar, Facebook can be forced to elicit and identify all comments that are word-for-word identical...

Read moreDetails

Let’s stream plays on events? What about the protection of minors?

Let’s stream plays on events? What about the protection of minors?
24. May 2019

I'm currently receiving a number of inquiries about the impact of youth protection legislation and the JusProg problem(see this article)...

Read moreDetails

Pokémon Go: Privacy and terms of use

Small summary – Blizzard vs. Bossland
23. February 2023

This is already the third article from me on the subject of Pokémon Go. But readers have to put up...

Read moreDetails

Data protection in the digital age: Landmark ruling by Cologne Regional Court on the use of Google Analytics

Data protection in the digital age: Landmark ruling by Cologne Regional Court on the use of Google Analytics
11. May 2023

Introduction: An expected verdict and its effects The Cologne Regional Court has sent a signal with a ruling that was...

Read moreDetails
Modding in EULAs und Verträgen – was gilt rechtlich in Deutschland?
Law and computer games

Modding in EULAs und Verträgen – was gilt rechtlich in Deutschland?

8. September 2025

Mods erweitern Videospiele um neue Inhalte, verbessern Grafik oder fügen völlig neue Spielweisen hinzu. Kaum ein großer PC-Titel kommt heute...

Read moreDetails
Schiedsvereinbarungen in EULAs und Entwicklerverträgen

Schiedsvereinbarungen in EULAs und Entwicklerverträgen

7. September 2025
Chain of Title im Game-Development: Rechtekette sauber aufbauen

Chain of Title im Game-Development: Rechtekette sauber aufbauen

6. September 2025
Fail-Fast Klauseln in Medienproduktionen – Was ist das eigentlich?

Fail-Fast Klauseln in Medienproduktionen – Was ist das eigentlich?

5. September 2025
Founder’s Agreement vs. Gesellschaftervertrag: Frühzeitige Weichenstellung für Startups

Founder’s Agreement vs. Gesellschaftervertrag: Frühzeitige Weichenstellung für Startups

12. August 2025

Podcastfolge

Influencer und Gaming: Rechtliche Herausforderungen in der digitalen Unterhaltungswelt

Influencer und Gaming: Rechtliche Herausforderungen in der digitalen Unterhaltungswelt

25. September 2024

In dieser fesselnden Folge nimmt Rechtsanwalt Marian Härtel die Zuhörer mit auf eine spannende Reise durch die dynamische Welt der...

Read moreDetails
Rechtliche Grundlagen und Praxis von Open Source in der Softwareentwicklung

Rechtliche Grundlagen und Praxis von Open Source in der Softwareentwicklung

19. April 2025
Legal challenges when implementing confidential computing: data protection and encryption in the cloud

Smart Contracts und Blockchain

22. December 2024
eda7ba83 c559 4e68 8441 41159a0751f3

Blitzskalierung und rechtliche Herausforderungen: Der Balanceakt für Startups

20. April 2025
8315f1ef298eb54dfeed2f5e55c8b9da 1

Erste Testfolge des ITMediaLaw Podcast

26. August 2024

Video

Mein transparente Abrechnung

Mein transparente Abrechnung

10. February 2025

In diesem Video rede ich ein wenig über transparente Abrechnung und wie ich kommuniziere, was es kostet, wenn man mit...

Read moreDetails
Faszination zwischen und Recht und Technologie

Faszination zwischen und Recht und Technologie

10. February 2025
Meine zwei größten Herausforderungen sind?

Meine zwei größten Herausforderungen sind?

10. February 2025
Was mich wirklich freut

Was mich wirklich freut

10. February 2025
Was ich an meinem Job liebe!

Was ich an meinem Job liebe!

10. February 2025
  • Privacy policy
  • Imprint
  • Contact
  • About lawyer Marian Härtel
Marian Härtel, Rathenaustr. 58a, 14612 Falkensee, info@itmedialaw.com

Marian Härtel - Rechtsanwalt für IT-Recht, Medienrecht und Startups, mit einem Fokus auf innovative Geschäftsmodelle, Games, KI und Finanzierungsberatung.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
  • en English
  • de Deutsch
Kostenlose Kurzberatung