Microsoft Violated EU Privacy Law in Handling Children’s Data, Austrian Regulator Finds

Austria’s data protection authority (Datenschutzbehörde, or DSB) has ruled that Microsoft violated European Union privacy laws in its handling of children’s data through its Microsoft 365 Education platform. The decision follows a complaint filed in 2024 by privacy advocacy group NOYB (None of Your Business), which alleged that Microsoft tracked students and used their personal data for its own purposes without proper legal basis.

The regulator found that Microsoft 365 Education installed tracking cookies and collected browser data from student users, including minors, without adequate transparency or consent. This data was reportedly used for advertising and analytics, raising serious concerns about profiling and commercial exploitation of children’s information.

The complaint was filed on behalf of a minor whose school used Microsoft 365 Education. When the student’s parent requested access to the child’s data, Microsoft referred them to the school. However, the school could only provide partial information, as it did not have access to all the data Microsoft collected. The DSB concluded that Microsoft failed to comply with the General Data Protection Regulation (GDPR), particularly its obligations around data access rights and lawful processing.

The regulator ordered Microsoft to grant full access to the personal data it holds on the complainant and to revise its data handling practices to ensure compliance. NOYB welcomed the ruling, stating that it sets a precedent for protecting children’s rights in digital education environments.

📰 Mini Headlines

Google Faces Scrutiny Over AI-Linked Health Data Policy for Employee Benefit

Google has come under criticism after reports revealed that U.S.-based employees were asked to share personal health information with Nayya, an AI-powered benefits platform, during open enrollment. The tool analyzes medical history, lifestyle data, and claims information to recommend personalized coverage options. Initially, Google’s internal communication suggested that employees who declined to use Nayya might lose access to company-sponsored health benefits, raising concerns over consent and data privacy. Following backlash, Google clarified that participation is optional and revised the policy language.

Health Data Policy

Read More → https://www.mondaq.com/data-protection/1687008/adgms-new-data-protection-rules-balancing-privacy-and-public-interest https://americanbazaaronline.com/2025/10/10/google-asks-employees-to-share-health-details-with-ai-tool-for-benefits-468618/

Congress Calls for Review of RTI Amendment and Data Protection Law on RTI Act’s 20th Anniversary

Marking 20 years of the Right to Information (RTI) Act, the Congress party has demanded a comprehensive review of the 2019 RTI Amendment and the Digital Personal Data Protection Act, 2023. Leaders argued that the RTI Amendment diluted the independence of Information Commissions by allowing the Centre to determine their tenure and salaries. They also raised concerns that the DPDP Act could override RTI provisions by enabling blanket denial of personal data disclosures. Congress called for restoring transparency safeguards and ensuring that privacy legislation does not erode citizens’ right to information, especially in matters of public interest and governance.

Data Protection Law

Read More → https://shillongtoday.com/20-years-of-rti-act-congress-demands-review-of-data-protection-act-2023-and-rti-amendment-2019/

Citizens Disability Fined $1 Million by FTC Over Illegal Telemarketing

The U.S. Federal Trade Commission (FTC) has fined Citizens Disability $1 million for violating telemarketing rules under the Telemarketing Sales Rule (TSR). The company allegedly made unsolicited robocalls to consumers on the National Do Not Call Registry and failed to maintain proper records. The penalty includes injunctive relief, requiring the firm to overhaul its compliance protocols and cease unlawful outreach.

Illegal Telemarketing

Read More → https://www.hunton.com/privacy-and-information-security-law/citizens-disability-to-pay-1-million-penalty-to-the-ftc-over-telemarketing-calls

Mappls Challenges Google Maps with Privacy-Focused Navigation App

Indian tech firm MapmyIndia has launched Mappls, a navigation app offering 3D maps, real-time traffic updates, and a privacy-first approach. Unlike Google Maps, Mappls does not track user movements or store personal location data. It also introduces a digital address system called eLoc, which enables precise location tagging without revealing personal details. The app supports voice-guided navigation and is available in multiple Indian languages. With growing concerns over data surveillance, Mappls states itself as a secure alternative for users seeking control over their digital footprint.

Privacy-First Approach

Read More → https://www.indiatvnews.com/technology/news/mappls-app-takes-on-google-maps-offers-3d-navigation-data-privacy-and-digital-address-system-2025-10-12-1012429