Switching to Microsoft cloud servers now putting all Icelandic state institutions at privacy risk

Helmut Neukirchen, 5. June 2018

The Icelandic government finalised a contract with Microsoft which covers using Microsoft Office365 cloud services (including email services) in all state institutions (Icelandic announcement).

At least the introduction of Office365 on the Icelandic state-level, leads to some media coverage at Kvennablaðið including Twitter -- well in fact, there was already in the past Twitter-coverage by the Nordic e-Infrastructure Collaboration (NeIC), but they were forced to remove that tweet (honi soit qui mal y pense).

In fact the, same concerns as for the Office365 introduction at University of Iceland apply -- but this time at an even bigger scale (e.g. while other national governments try the best to keep their IT system inaccessible to anymore else, Icelandic government seems not to care at all. Many other institutions handle sensitive data, e.g. when the Icelandic Directorate of Health outsourced patient data to an Icelandic IT provider, privacy concerns were raised. With Microsoft Office365, data will be moved abroad and makes it subject to wiretapping by foreign secret services or direct access via the US CLOUD act and the the European Commission's matching counterpart: E-Evidence).