Austria’s Data Protection Authority (DSB) has issued a landmark ruling against Microsoft Corporation, mandating the immediate cessation of non-essential tracking cookie usage within its educational software platforms. This decisive action follows comprehensive investigations into the tech giant’s data processing practices in academic environments.
The legal challenge was initiated by NOYB (None of Your Business), Europe’s prominent digital rights advocacy organization, which filed two formal complaints against Microsoft in early 2024. The complaints alleged systematic violations of children’s data protection rights through Microsoft’s widely deployed education software used in Austrian schools.
In its January 21 ruling, the DSB determined that Microsoft operated without proper legal justification for processing students’ personal information. The authority issued a compliance directive requiring the removal of all non-essential tracking cookies within a four-week implementation period. These digital tracking mechanisms, typically employed for behavioral analysis and advertising purposes, were found to have been deployed on student devices without obtaining proper consent.
Felix Mikolasch, NOYB’s data protection attorney, emphasized that “tracking minors clearly isn’t privacy-friendly,” highlighting the particular vulnerability of children in digital environments. Microsoft representatives acknowledged the ruling while maintaining that their educational products comply with all data protection requirements under the EU’s General Data Protection Regulation (GDPR).
This decision represents another significant victory for NOYB, which has pursued hundreds of legal actions against technology corporations since the implementation of GDPR in 2018. The case demonstrates the continuing tension between technological innovation in education and fundamental privacy rights, particularly concerning minor students.