OPINION: How Hesse’s privacy ban on school software hurts students

The German state of Hesse has banned Microsoft's Office 365 software, in an example of how overly restrictive privacy laws can end up hurting students more than helping them.

OPINION: How Hesse's privacy ban on school software hurts students
Archive photo shows a student using a laptop. Photo: DPA

It is now illegal for schools in the central German state of Hesse to use Microsoft’s Office 365 productivity software thanks to a ruling by the state’s Commissioner for Data Protection and Freedom of Information (HBDI), who recently declared that the cloud-based platform violates German privacy laws.

They argued that it exposes students and teachers’ personal information to “possible access by U.S. authorities”.

The HBDI’s decision is a striking example of how overly restrictive privacy laws can leave European consumers worse off by making valuable technology off limits.

Germany is known to have a particularly sensitive approach to privacy and has been on a mission to influence strict data protection rules in the EU as a remnant of its past under East Germany’s communist regime.

Martin Selmayr, the German soon-to-be-ex General Secretary of the European Commission, was the architect behind the General Data Protection Regulation (GDPR), which is no coincidence given his grandfather was a West German intelligence chief in charge to combat the Stasi.

SEE ALSO: German car parts giant bans WhatsApp and Snapchat from work phones

'Harming access to education'

The consequences of history are still present, but associating the use of innovative technologies by schools with surveillance and control is misleading.

Germany’s stronger reactions, suspicion, and stricter requirements are ultimately harming businesses and access to education. 

The HBDI is objecting to schools using Office 365 because Microsoft stores data in the U.S. and the General Data Protection Regulation (GDPR) prohibits data processors from storing data outside the EU without first obtaining users’ consent.

The GDPR allows parents to provide consent for their children, but only to the extent authorized by local authorities. In this case, the HBDI is not allowing parents to provide consent for their children, so schools are effectively barred from using Office365.

This prohibition makes no sense. The rationale for preventing data transfers to other countries is to limit illegitimate government surveillance.

But the US government can request access data stored by US companies even when that data is stored abroad—a requirement made clear when the US Congress passed the CLOUD Act—so whether Microsoft stores data in the United States or Germany makes little difference. 

Innocuous Data

In addition, the data involved is innocuous. Students mostly would be storing documents in the cloud, and the FBI has better things to do than read homework assignments of schoolchildren.

Office 365 also collects various types of diagnostic data, such as load times, software versions, and file sizes—most of it not about the students themselves—and this type of data is primarily used for improving software performance and troubleshooting.

Microsoft does not disclose that information to third parties, so it is highly unlikely to cause harm to individuals, who can also choose to disable the collecting of certain data and even delete it.

The HBDI’s decision could also apply to Microsoft Windows 10, since it collects similar application data, as well as Office 365 competitors, such as Google Docs and Apple’s iWork. This restriction will prevent students and teachers at these schools from using these tools, which are often provided free of charge

The German state’s overbearing watchdog would still allow schools to use “other tools such as on-premise licenses on local systems.” In other words, students will have to make do with older, non-cloud-based software with fewer features and less interoperability.

Given that employers are always asking for workers with strong digital literacy, keeping students from accessing one of the most common business tools in the world is completely misguided. In addition—and rather ironically—the HBDI’s decision could put the security of students’ personal data at risk.

Running older software can expose organizations to greater security risks, and some alternatives to Office 365, such as Zoho Office, are attractive targets for attackers because their security features are more lax.

This decision is an egregious example of how privacy regulators can fail to balance privacy with innovation. If there was some question about the way in which companies obtain the necessary consent to process student data, the regulators should have worked with the private sector to resolve this issue.

Protecting customers, not limiting innovation

After all, Microsoft has been a willing partner in past efforts to protect user information—including by suing the U.S. Justice department to challenge government access to its customers’ data. The HBDI should have acted constructively by notifying Microsoft and clarifying its expectations to the firm before expediting a ban.

The European Commission recently called for data protection authorities to help and support companies, yet this decision sanctions conduct before the facts have even been established. 

The goal of privacy laws should be to protect consumers, not limit innovation. Accomplishing this requires regulators to act carefully and deliberately. This decision by the HBDI will do nothing to improve student privacy, but it will leave students worse off.

Member comments

Log in here to leave a comment.
Become a Member to leave a comment.
For members


12 useful bureaucratic things you can do online in Germany

Germany might be notorious for its paperwork and bureaucratic office wait times, but there are increasingly more things you can take care of from the comfort of your home.

12 useful bureaucratic things you can do online in Germany
Photo: DPA

Moving to Germany from a country that has fully embraced the digital age can mean being surprised at having to buy a stamp instead of filling out an online form. Many have lamented Germany’s less than fast transition onto the online world. 

Partly due to Covid-19 contact restrictions that have been in place in recent months, more and more things in Germany have now gone online and many hope that Germany is, as one Twitter user joked, ‘’slowly approaching the technical level of 1996″ and now entering the 21st century.

READ ALSO: How the pandemic is bringing German bureaucracy out of the 1980s

Before the pandemic, many German offices (including the Bundestag) used fax machines. Photo: DPA

Coronavirus specific:


Obtaining a document that proves you have a residence in Germany is often the first step to registering for multiple other essential services.

Prior to the crisis, this meant obtaining an appointment and waiting in line. Due to the pandemic, you can now register by post or email. 

However, you can only do this if you have previously registered, and so it only applies to those changing their address – an Ummeldung.

You can email or mail the documents necessary to the Burgeramt in your new district, and they will take a few weeks or days to reply.

Registration of entry into Germany

Those travelling back into Germany from a risk area have to register upon entry to ensure proper quarantine regulations are upheld. Due to the pandemic, this process can be done online via a form found here.

Opening a bank account

Some banks, such as N26, let you open a bank account entirely online. You may be required to verify your identity, which you can also do online via webcam or email verification code.



If you and your partner recently welcomed a baby, you might be able to receive parental allowance (Elterngeld) which is a benefit given to all new parents to subside potential loss of earnings caused by the birth of a new child.

The benefit is shared between parents to give both the time to spend time with a newborn. This can now for the first time be done online, by following this form here.


On the same note it is also now possible to apply for Kindergeld via an online form. Kindergeld is a monthly benefit given to all parents in Germany, to ensure that their basic needs are met.

Both Kindergeld and Elterngeld can now be filled out in one document – a Kombi-Antrag online – although they must still be printed out, signed and sent to the relevant office. 

READ ALSO: From Kindergeld to tax benefits: What changes for families in Germany in 2021


Most people are entitled to Arbeitslosengeld if they have lost their job, and also in some cases if they have quit and are on the lookout for a new position.

An important part of receiving this unemployment benefit is registering in time (usually around three months) which you can do online here. It is important to note however, that you still have to book an appointment at your local office to finish the process.


BAföG provides crucial financial support to students during their studies. Whilst foreign students are only eligible subject to certain requirements, the application process can be done online by following this link.

READ ALSO: How to finance your master’s studies in Germany as an international student


Prescriptions via QR code

From July 1st, patients will receive their prescription from their doctor via QR code and app and transmit it to the pharmacy. The pharmacy can then inform the patient whether the preparation is in stock or when it will be ready for collection. 

This model is to be mandatory for people with statutory health insurance as early as 2022, and is set to completely replace the paper prescription.

Sick notes submitted electronically to health insurance

Until now, employees had to submit their sick note (Krankenschein) to the insurer themselves when they called in sick at work.

An ‘Arbeitsunfähigkeitsbescheinigung’, or sick note, which until now the employee submits directly to their employer after receiving it from a doctor. Photo: DPA

As of January, this can be done electronically: the doctor will then send the so-called eAU (electronic certificate of incapacity for work) directly to the insurer. However, the patient will still receive a paper certificate which they can pass on to their employer.

From 2022, the employer will also be able to retrieve the sickness notification directly from the health insurance company.

READ ALSO: How Germany plans to ditch paper sick notes for digital ones


Register and pay your TV tax

Although the majority may not enjoy having to pay TV tax monthly (especially if they don’t have or use a TV) you can make the process less painful by now registering your flat and setting up a payment method online.

Apply for a tax number

Your tax number, or Steuernummer can also be collected online. It is useful primarily for freelancers and businesses. The form can be filled out online and submitted to the Finanzamt, or tax office. You can find help filling out the form in English here. If you own a business, and it moves to a different Finanzamt’s area, your tax number will also change. 

File taxes

Again, especially relevant for freelancers or those self-employed, you can use ELSTER, an online tax office system designed by the Budeszentralamt fur Steuern, or the Central Tax Office to submit your tax returns online.

The first step is to create an account and either choose to auto-fill in the form or fill it in yourself. You will receive a digital signature and be able to fill out your forms and submit them online.