''By engaging and staying in dialogue with vendors, we secure the best privacy and security conditions for research and teaching.''
Tracks
Zoom
After intensive consultation with SURF, Zoom is making changes to the privacy agreements for all Education and Enterprise users in Europe. In addition to these adjustments and new contractual agreements, SURF advises institutions to implement a number of recommended measures themselves and make new agreements with Zoom. Once these are implemented, there will no longer be any high privacy risks for those involved in using Zoom video conferencing services, this also applies to highly confidential communications.
Microsoft OneDrive, SharePoint and Teams
SURF, together with the Ministry of Justice and Security (Strategic Supplier Management for the Central Government), commissioned the Privacy Company to conduct a Data Protection Impact Assessment (DPIA) on Microsoft OneDrive, SharePoint and Teams. The study revealed the following:
- 6 low risks
- 1 high risk
The 6 low risks can only be classified as such after actions have been implemented by the institutions. SURF will come up with further information for this. The high risk concerns the use of Teams. It concerns the specific situation where special personal data is shared via pre-scheduled Teams meetings. These scheduled sessions are not end-to-end encrypted. Currently, Microsoft offers this encryption (end-to-end encryption, E2EE) only for spontaneous 1-to-1 exchanges.
Google Workspace
We reached agreement with Google on a comprehensive set of contractual, organisational and technical measures regarding the use of Workspace for Education Plus and Workspace Education Fundamentals by educational institutions in the Netherlands. Given the importance of using Google services in educational institutions, SURF and SIVON will continue to monitor Google on behalf of the education sector.
Read more about Google Workspace