Austria’s data protection authority has found that Microsoft “illegally” tracked students using its education software and must provide them access to their personal data, according to privacy campaign group Noyb. In 2024, Noyb (None of Your Business) lodged a complaint, claiming that Microsoft 365 Education violated EU data protection rights for children.
++ Starmer launches plan to cut red tape and revitalise pubs
The group said Microsoft 365 Education installed cookies that collected browser data for advertising purposes, potentially affecting millions of students and teachers across Europe. This week, the Austrian regulator confirmed its decision, stating that Microsoft 365 Education had unlawfully tracked students and used their data for the company’s own purposes. The company has been ordered to grant access to users, including a minor represented by her father.
Noyb criticised Microsoft for failing to respond to users’ requests for access to data, instead attempting to shift responsibility to local schools or other national institutions. “The decision highlights the lack of transparency with Microsoft 365 Education,” said Noyb data protection lawyer Felix Mikolasch. “It is almost impossible for schools to inform students, parents and teachers about what is happening with their data.”
++ Andy Burnham emerges as possible challenger to Keir Starmer amid Labour unrest
Microsoft responded that it would review the decision and decide on next steps “in due course”. The company maintained that Microsoft 365 for Education meets all required data protection standards and that educational institutions can continue to use it in compliance with the EU’s General Data Protection Regulation. Noyb, founded by privacy activist Max Schrems, has filed more than 800 complaints against technology companies across various jurisdictions, prompting regulatory action on numerous occasions.
