Show all guides
Europe
GDPR

Austria’s DSB finds that Microsoft violated EU privacy law in educational deployment

Last update:
Oct 23, 2025

Austria’s data protection authority ruled that Microsoft had breached EU privacy laws by placing tracking cookies and collecting student data via its Microsoft 365 Education platform without appropriate consent, thereby failing to protect data access rights. 

The regulator held the company accountable following a complaint by a student’s father. The decision emphasizes that software providers deploying educational solutions must ensure compliance with the GDPR, particularly when minors are involved. This case may set a precedent for how educational tech platform providers handle personal data in the EU.

The full guidelines can be found
here

Related Guides

Dutch DPA Hits Uber and Clearview AI with Massive Data Privacy Fines

September 4, 2024

In the past week, the Netherlands DPA issued a $324 Million fine to Uber and ~$34 Million fine to Clearview AI
Europe
GDPR

Spanish DPA Fines Open Bank €2.5 mil over GDPR Violation

August 1, 2023

The Spanish DPA continues its busy year with its biggest GDPR fine issued in 2023, hitting Open Bank over violations to Articles 25 and 32
Europe
GDPR
The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only