2023-11-22 10:18: E-mail program Outlook under Windows 11 must not be used
In recent days, the media [1,2,3,4] have reported that a new version of the Outlook email program is being used under Microsoft's Windows 11 operating system environment. This version appears to transfer confidential information (including access data and emails) to Microsoft servers by default, even for integrated email accounts that are provided by email providers independent of Microsoft - e.g. email accounts at the University of Freiburg.
The former LfDI of Baden-Württemberg, Stefan Brink, explains [4]: "Microsoft's approach is at least non-transparent. It will not always be clear to users of the Outlook app for Windows or MacOS what it means to allow the retrieval of emails from other email accounts."
He also points out possible legal violations during use: "This can even be a legal violation on the part of the user, for example if they are a public service employee or the holder of their company's business secrets and are subject to certain confidentiality regulations that prohibit the storage of sensitive data in the cloud. In addition, the user is giving Microsoft access to the content of the emails - which they are generally not allowed to do."
There is also a lot of information from research, teaching and administration at the university that is confidential or contains personal data that would be disclosed when using the new Outlook under Windows 11.
Therefore, from the point of view of data protection and information security, the new Outlook under Windows 11 must not be used for business email accounts at the University of Freiburg. Alternatively, more data protection-friendly e-mail programs, such as Thunderbird [5], should be used.
Many users at the University of Freiburg will still be using Windows 10. They are therefore not directly affected by the problem described above.
[1] heise.de, "Microsoft krallt sich Zugangsdaten: Achtung vor dem neuen Outlook", 9.11.2023 - https://www.heise.de/news/Microsoft-krallt-sich-Zugangsdaten-Achtung-vorm-neuen-Outlook-9357691.html
[2] heise.de, "Outlook-Datenumleitung: Bundesdatenschützer zeigt sich besorgt", 11.10.2023 - https://www.heise.de/news/Microsofts-Outlook-Datenumleitung-BfDI-will-Bericht-von-EU-Datenschuetzer-9358371.html
[3] heise.de, "Neues Outlook: Microsoft bezieht Stellung zur Übertragung von Zugangsdaten", 15.11.2023 - https://www.heise.de/news/Neues-Outlook-Microsoft-bezieht-Stellung-zur-Uebertragung-von-Zugangsdaten-9528869.html
[4] heise.de, "Neues Outlook: Zugangsdatenabfluss alarmiert weitere Datenschützer", 21.11.2023 - https://www.heise.de/news/Zugangsdatenabfluss-im-neuen-Outlook-Datenschuetzer-raet-zum-Verzicht-9535170.html
[5] Mozilla Foundation, Thunderbird - https://www.thunderbird.net/de/
Status: 2023-11-22 (MH)