Dutch authority publishes a public DPIA on data processing via Microsoft Teams

Dutch authorities, SLM Rijk and SURF, assess the data protection risks when using Microsoft Teams in combination with OneDrive, SharePoint Online and Azure Active Directory.

The present DPIA is a repeated assessment of the use of Teams, SharePoint and OneDrive on two versions of the Office software: Office for the Web and the mobile Office apps. It contains outcomes with respect to Diagnostic Data processing in Office for the Web and the mobile Office apps as of 31 May 2020, and now retested in September 2021.

The outcomes of the retest highlights that Microsoft has solved all of the previously identified high risks, having found now only six low data protection risks for the Diagnostic Data processing.

However, there is a high risk if organizations use Microsoft Teams to process very sensitive and special categories of data, due to the possible access by law enforcement and security services in the USA.

Link to the Dutch DPIA on Teams (in English)