• Mehr als 3 Millionen Wörter Inhalt
  • |
  • info@itmedialaw.com
  • |
  • Tel: 03322 5078053
Kurzberatung
Rechtsanwalt Marian Härtel - ITMediaLaw

No products in the cart.

  • en English
  • de Deutsch
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Rechtsanwalt Marian Härtel - ITMediaLaw

Office 365 in schools illegal under data protection law

7. November 2022
in Data protection Law
Reading Time: 3 mins read
0 0
A A
0
office 1356793 1280

1. preliminary remark

For years, there has been a debate in Germany about whether schools can use Microsoft’s Office 365 software in a privacy-compliant manner. In August 2017, the Hessian Commissioner for Data Protection and Freedom of Information (HBDI) issued a statement on Microsoft’s Deutschland-Cloud as the only German supervisory authority for data protection following an extensive review. In its statement at the time, the HBDI determined that Office 365 can be used by schools in the Germany Cloud in a data protection-compliant manner, provided that the tools provided by Microsoft (e.g., role and authorization concept, logging, etc.) are applied appropriately by the schools. In August 2018, Microsoft informed the public that contracts would no longer be offered for the Germany Cloud and that sales of this product would be discontinued. Since then, the HBDI has received inquiries from a large number of teachers and school administrators, as well as school boards, regarding the use of Office 365 in the European cloud. In addition, Office 365 has been massively promoted in the school landscape by individual school boards in recent months, irrespective of the unresolved data protection issues.

2. why the cloud application of Office 365 is currently illegal

The use of cloud applications by schools is generally not a problem under data protection law. Many schools in Hesse are already using cloud solutions. Whether it’s the learning platform or the electronic class register, for example, schools can use digital applications in a way that complies with data protection requirements, provided that the security of data processing and the participation of students are guaranteed. The legal situation is different for Office 365 as a cloud solution. For years, regulators have been in discussions with Microsoft. The crucial aspect here is whether the school, as a public institution, can store personal data (of children) in a (European) cloud that is exposed to possible access by US authorities, for example. Public institutions in Germany have a special responsibility with regard to the permissibility and traceability of the processing of personal data. The digital sovereignty of state data processing must also be guaranteed. In addition, there is another problem that was brought to the public’s attention by the Federal Office for Information Security in the fall of 2018. With the use of the Windows 10 operating system, a wealth of telemetry data is transmitted to Microsoft, the contents of which have not been conclusively clarified despite repeated requests to Microsoft. Such data is also transmitted when using Office 365.

3. can school use consent to solve the problem?

Up to now, schools have been dependent on the consent of the data subjects, insofar as digital, personal data processing takes place in or through schools. Whether the consent of the data subjects justifies digital, personal data processing in certain situations can be left open. In any case, in connection with the use of Office 365 in the cloud, consent does not offer a solution because the security and traceability of the data processing procedures are not guaranteed. Therefore, the data processing is inadmissible. Attempting to achieve a cure through a declaration of consent by the parents would also not sufficiently take into account the special protection rights of children, e.g. according to Art. 8 of the General Data Protection Regulation (GDPR). Thus, with the consent of the parents, the problem is not solved.

4. What are the prospects for using Office 365?

The HBDI is aware of the needs that vocational schools in particular have for the use of office packages. That is why there is also an interest in working with Microsoft to arrive at a solution that complies with data protection requirements. However, this is not due to the HBDI or the other federal regulatory authorities, but primarily to Microsoft itself. As soon as the possible access of third parties to the data in the cloud and the issue of telemetry data in particular have been resolved in a comprehensible and data protection-compliant manner, Office 365 can be used as a cloud solution by schools. Until that time, however, school can make use of other tools such as on-premises licenses on local systems.

5. other cloud solutions from e.g. Google and Apple

What is true for Microsoft is also true for Google’s and Apple’s cloud solutions. The cloud solutions of these providers have also not been presented transparently and comprehensibly to date. Therefore, it is also true here that data protection-compliant use is currently not feasible for schools.

Marian Härtel
Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.

Tags: Data protection LawdigitalGeneral Data Protection RegulationGoogleInformationKILizenzPersonal dataPrivacyRegulationSicherheitSoftwareVerträge

Weitere spannende Blogposts

BGH on bakeries and Sunday sales

No more free tissues at the pharmacy?
17. October 2019

The Federal Court of Justice has ruled that the sale of baked goods in bakery branches with café operations on...

Read moreDetails

BFH and the taxation of gains from the sale of cryptocurrencies?

Bitcoin trading not subject to licensing
27. January 2023

What has been decided so far? Gains realized from the sale of cryptocurrencies are subject to income tax as part...

Read moreDetails

Agile law firm: How lean structures and modern technologies are changing the legal profession

Agile law firm: How lean structures and modern technologies are changing the legal profession
11. May 2023

Lean and Flexible: The Foundation of My Modern Law Firm At a time when the pace of our world is...

Read moreDetails

OVG Münster: GMail is not a communication service!

OVG Münster: GMail is not a communication service!
7. November 2022

GMail is not a telecommunications service. This was the decision of the Higher Administrative Court for the State of North...

Read moreDetails

Innovations in data protection law: ECJ ruling lowers hurdles for GDPR fines

Innovations in data protection law: ECJ ruling lowers hurdles for GDPR fines
8. January 2024

The judgment of the European Court of Justice (ECJ) of December 5, 2023 in case C-807/21 concerns the interpretation of...

Read moreDetails

Agreement on new State Treaty on Gambling

Agreement on new State Treaty on Gambling
7. November 2022

Next year, there will probably be a new State Gambling Treaty and casino apps will then be permitted throughout Germany....

Read moreDetails

What makes a games law attorney? Or interview at ZAP

What makes a games law attorney? Or interview at ZAP
7. November 2022

Today an exciting interview with me went online, which the "ZAP - Zeitschrift für die Anwaltspraxis" published. The journal is...

Read moreDetails

The power of arbitration: key benefits and potential pitfalls for contracts

The power of arbitration: key benefits and potential pitfalls for contracts
26. June 2023

Arbitration plays an essential role in the modern business world. Arbitration can be used to resolve disputes between parties outside...

Read moreDetails

ECJ: Mere storage of goods does not constitute trademark infringement

Online shops: Attention to advertising with EIA
7. November 2022

The mere storage of trademark infringing goods by Amazon in the context of its online marketplace (Amazon Marketplace) does not...

Read moreDetails
Modding in EULAs and contracts – what applies legally in Germany?
Law and computer games

Modding in EULAs and contracts – what applies legally in Germany?

8. September 2025

Mods add new content to video games, improve graphics or add completely new ways of playing. Hardly any major PC...

Read moreDetails
Arbitration agreements in EULAs and developer contracts

Arbitration agreements in EULAs and developer contracts

7. September 2025
Chain of title in game development: building a clean chain of rights

Chain of title in game development: building a clean chain of rights

6. September 2025
Fail-fast clauses in media productions – what are they actually?

Fail-fast clauses in media productions – what are they actually?

5. September 2025
Founder’s agreement vs. shareholder agreement: setting the course for startups at an early stage

Founder’s agreement vs. shareholder agreement: setting the course for startups at an early stage

12. August 2025

Podcastfolge

Looking to the future: How technology is changing the law

Looking to the future: How technology is changing the law

18. February 2025

In the final episode of the first season of the ITmedialaw.com podcast, we take a look at the future of...

Read moreDetails
9e9bbb286e0d24cb5ca04eccc9b0c902

Legal challenges of innovative business models

1. October 2024
AI in law: opportunities, risks and regulation – the IT Media Law Podcast Episode 3

AI in law: opportunities, risks and regulation – the IT Media Law Podcast Episode 3

24. September 2024
8315f1ef298eb54dfeed2f5e55c8b9da 1

First test episode of the ITMediaLaw Podcast

26. August 2024
d00527fd01b1f807a4f80c0f202069e7

Legal basics for startup founders – how to start on the safe side!

9. November 2024

Video

My transparent billing

My transparent billing

10. February 2025

In this video, I talk a bit about transparent billing and how I communicate what it costs to work with...

Read moreDetails
Fascination between law and technology

Fascination between law and technology

10. February 2025
My two biggest challenges are?

My two biggest challenges are?

10. February 2025
What really makes me happy

What really makes me happy

10. February 2025
What I love about my job!

What I love about my job!

10. February 2025
  • Privacy policy
  • Imprint
  • Contact
  • About lawyer Marian Härtel
Marian Härtel, Rathenaustr. 58a, 14612 Falkensee, info@itmedialaw.com

Marian Härtel - Rechtsanwalt für IT-Recht, Medienrecht und Startups, mit einem Fokus auf innovative Geschäftsmodelle, Games, KI und Finanzierungsberatung.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
  • en English
  • de Deutsch
Kostenlose Kurzberatung