Questions raised over Office 365 shared content policy

Buried 300 words into Microsoft’s standard service level agreement is a clause that affects intellectual property and privacy

An open letter, addressed to Microsoft president and head of legal Brad Smith, has warned that the company’s service agreement could undermine intellectual property protection.

According to software licensing specialist Cerno, the provision renders commercial confidentiality and data privacy controls ineffective if any document or other content created in Microsoft software-as-a-service (SaaS) products is emailed to or shared with more than one person.

“We are calling on you today to change your standard software licence terms to prevent the ‘open sourcing’ of private and sensitive content, shared daily by your millions of users,” the Cerno letter warned.

Cerno said the Microsoft terms imply that creators give worldwide permissions to anyone who accesses confidential or private company documents using products in the Microsoft cloud, such as Office 365.

Cerno director Robin Fry said: “Such enforced abandonment of copyright and privacy controls is, in Cerno’s view, not expected by individual users or indeed by any corporate. It renders many legal rights unenforceable, for example those for infringement of copyright or breach of confidentiality. And its continuance could seriously disrupt necessary litigation to ensure that all such content is kept within the group within which it is shared.”

The service agreement also implies that email messages delivered via Outlook are automatically available for any use, and onward sharing, by recipients, Cerno warned. It said Skype calls or meetings created in private Teams groups could be distributed to anyone, no matter how sensitive the information.

Open sourcing all shared creations

For Fry, the wording of the service agreement has implications for businesses that share information with business partners, third parties, contractors and customers who may be using consumer versions of the Office 365 product.

“Such enforced abandonment of copyright and privacy controls is not expected by individual users or any corporate. It renders many legal rights unenforceable, for example those for infringement of copyright or breach of confidentiality”
Robin Fry, Cerno

He said he discovered the explicit reference to sharing content while checking the Microsoft licence agreement. “Whenever you look at software licensing, there are always odd things, and I couldn’t believe they wrote that,” he said.

While employees may contractually be bound by internal rules on data sharing and confidentiality agreements, the wording of the Microsoft service agreement means that recipients of documents or messages shared in Microsoft SaaS products may, in effect, believe they have the right to distribute any data that has been shared with them, similar to the way open source software is distributed, Fry said. 

According to Fry, the existence of the consent placed on every contributor, in favour of all other recipients, means that claims for breach of confidentiality, infringement of copyright and breach of data privacy rules might well fail.

“People share private and commercial materials constantly, but it isn’t always the case that there’s, for instance, an employment contract in place. No one would expect that emailing a friend, or talking over a project with a group of collaborators, would mean that each recipient would be permitted to freely distribute and share onwards to anyone else worldwide,” he said.

“If you create something, you have explicit copyright protection by law, which stops the recipient from automatically copying it and distributing it, so there is no need to sign additional contracts. But all rights are taken away if someone grants a licence, which is what the Microsoft service agreement does. Microsoft has, in effect, open sourced everything you create if you then share it once with one other person using any of Microsoft’s 125+ product lines. These terms must urgently be changed,” added Fry.

Outlook provides users with the ability to use third-party plug-ins such as LinkedIn cards, and feedback tools to help manage customer interactions. OneDrive enables secure document and content sharing and collaboration, while guest users can be invited into Teams environments, to collaborate or communicate on specific projects or work items. 

However, Fry warned: “Billions of emails are sent each week using Outlook – only some are expressly restricted from onward sharing. Most users, whether personal or corporate, would be disturbed at the ‘open sourcing’ that is imposed on them by Microsoft’s terms.”

Read more about software licensing

  • Avoid springing a money leak in your Office 365 tenant by keeping closer tabs on several areas and following more frugal practices.
  • Microsoft will allow users to make certain purchases in Power Platform – Office 365 admins should know what this entails and how it will affect them.

Read more on Software licensing

Data Center
Data Management