> Education organisations are advised not to use Microsoft 365 Copilot as long Microsoft has not implemented adequate measures to mitigate the identified 4 high data protection risks.
These 4 are (see page 209):
> 17.2.1. Inability to exercise data subject access rights to Diagnostic Data
> 17.2.2. Significant economic or social disadvantage and loss of control due to use of generated texts with inaccurate personal data
> 17.2.3. Loss of control through lack of transparency Required Service Data, including Telemetry Events from Webapp clients.
> 17.2.4. Reidentification of pseudonymised data through unknown retention periods of Required Service Data (including both Content and Diagnostic Data)
Of these, only the second is an LLM problem. The others are basic GDPR data processing requirements.
> Education organisations are advised not to use Microsoft 365 Copilot as long Microsoft has not implemented adequate measures to mitigate the identified 4 high data protection risks.
These 4 are (see page 209):
> 17.2.1. Inability to exercise data subject access rights to Diagnostic Data
> 17.2.2. Significant economic or social disadvantage and loss of control due to use of generated texts with inaccurate personal data
> 17.2.3. Loss of control through lack of transparency Required Service Data, including Telemetry Events from Webapp clients.
> 17.2.4. Reidentification of pseudonymised data through unknown retention periods of Required Service Data (including both Content and Diagnostic Data)
Of these, only the second is an LLM problem. The others are basic GDPR data processing requirements.