The government of The Netherlands recently commissioned the Privacy Company to perform a data protection impact assessment regarding the government’s use of Microsoft Office products, and the results of this assessment are alarming.

The SLM Rijk conducts negotiations with Microsoft for approximately 300.000 digital work stations of the national government. The Enterprise version of the Office software is deployed by different governmental organisations, such as ministries, the judiciary, the police and the taxing authority. The results of this Data Protection Impact Assessment (DPIA) are alarming. Microsoft collects and stores personal data about the behaviour of individual employees on a large scale, without any public documentation. The DPIA report (in English) as published by the Ministry is available here.

This shouldn’t surprise anyone, but it’s good to see governments taking these matters seriously, and forcing technology companies to change their policies.