noyb has scored another win in its proceedings against Microsoft 365 Education: The Austrian data protection authority (DSB) has decided that the company illegally installed cookies on the devices of a pupil without consent. According to Microsoft’s own documentation, these cookies analyse user behaviour, collect browser data and are used for advertising. Microsoft now has four weeks to comply and cease the use of tracking cookies.
You know that this will be used to enforce user authentication for EVERYONE, right? How else do you expect them to differentiate between children and adults, given that they will never stop tracking the adults!?
They don’t have to do that at all. These are “Work or School” accounts, and generally with Schools they are on a specific education products on top of that. All they have to do is make the company/school enter ages for all their accounts if they are using EDU products. Microsoft can reasonably trust that data.
Not necessarily, TikTok now delete accounts they believe to belong to children under 13. They could have chosen to do age authentication the British way but i suppose they had a big reason not to. Microsoft might understand they could lose business if they force users to prove they’re not children. It’s not like everybody would trust MS with such data.