Austria: Data Protection Authority investigation into Microsoft over alleged violation of GDPR concerning use of tracking cookies in Microsoft 365 Education

Progress

Current status

in force

21 Jan 2026 in force

Scope

Implementers

Austria

Policy Area

Data governance

Policy Instrument

Data protection regulation

Regulated Economic Activity

software provider: other software

infrastructure provider: cloud computing, storage and databases

Government Branch

executive

Government Body

data protection authority

Implementation Level

national

Timeline of events

21 Jan 2026

in force

Austrian Data Protection Authority issued its ruling following investigation into Microsoft concerning use of tracking cookies in Microsoft 365 Education

On 21 January 2026, the Austrian Data Protection Authority upheld a complaint filed by a pupil, represented by the European Center for Digital Rights (noyb), against Microsoft regarding the use of tracking cookies in Microsoft 365 Education. The dec…

Source

Event type investigation

Action type ruling

Government branch executive

Government body data protection authority

Progress

Scope

Timeline of events

Austrian Data Protection Authority issued its ruling following investigation into Microsoft concerning use of tracking cookies in Microsoft 365 Education

Related changes

related intervention is part of the same original policy

Austria: Data Protection Authority investigation into Microsoft over alleged violation of GDPR in handling of children's data

enforces related intervention

European Union: Data protection requirements and security measures in Regulation (EU) 2016/679 (GDPR)