The IT company promised on several occasions that it would only use the data of business customers when necessary to provide the services requested. Vendors would only be able to access the data on a need-to-know basis, so only when the data is essential to perform a task. However, this does not seem to be the case.
The lawsuit was filed on behalf of Frank Russo, Koonan Litigation Consulting and Sumner Davenport & Associates, but they claim to do so on behalf of all users of Office 365. “Contrary to its representations, Microsoft has regularly shared – and continues to share – its business customers’ data with Facebook and other third parties. The data is shared even when neither the customers nor their contacts are Facebook users.”
The allegations can have some consequences if they turn out to be true. For example, the plaintiffs believe that Microsoft has used customers’ emails, documents, calendars and even location data to develop new products and learn more about its customers. Not in order to improve the user experience, but to further develop their own commercial products.
In addition, the sharing of data with Facebook is especially problematic. If it is indeed true, then Microsoft would be sharing data with Facebook that can’t be deleted by Microsoft itself. The user data would then be in the hands of Facebook and the companies that Facebook shares its data with.
Microsoft told the TheRegister that it is aware of the impending lawsuit. The spokesperson says that the allegations are not very specific probably because the plaintiffs cannot substantiate their claims. “We have an established history of both robust privacy protections and transparency, and we’re confident that our use of customer data is consistent with the instructions of our customers and our contractual commitments.”