In mid-February of this year the introduction of Office 365 for all students at TU/e got underway, and at that time the CIO Office at TU/e still presumed that the rollout for employees would start after the summer vacation. In March, however, legislation known as the Cloud Act was passed in the United States, a bill that gives the United States government access to the data of US companies, even if that data is stored outside the US. In theory this would enable United States security services to read the emails, personal data and research data of our employees should TU/e switch to Office 365. It was in response to this that the rollout was put on hold.
According to Henny van Alphen, project leader at the CIO Office, the introduction was recently delayed until further notice and in April another look will be taken at the situation as it then stands. This is because, as Van Alphen tells Cursor, Microsoft is currently at loggerheads with the Ministry of Justice and Security. The Strategic Suppliers Management Microsoft-National Government (SLM Microsoft), a unit within this ministry, has been in discussion with Microsoft for some time now and at the end of October reached agreement on an improvement plan that Microsoft will adopt.
In this plan Microsoft undertakes to change its products such that their use for Dutch government purposes can stay within the bounds of the General Data Protection Regulation (AVG) and other prevailing laws and regulations. Microsoft will submit these changes for verification in April 2019. TU/e is awaiting the verdict on them.
To the question why no decision has been taken to withdraw Office 365 from student use, Van Alphen replied in early September as follows: “In principle student have less privacy-sensitive data and that means the risk to them is also less great.”