
Update to Data Protection Impact Assessment (DPIA)

Privacy risks Microsoft 365 Copilot remain ‘orange’ despite improvements

SURF continues to advise educational and research institutions to exercise caution when deploying Microsoft 365 Copilot. Although Microsoft has made improvements to the AI assistant since SURF first published the DPIA in December 2024 (followed by an updated assessment in September 2025), not all privacy risks have been sufficiently mitigated.

This is the conclusion of the second update to the Data Protection Impact Assessment (DPIA) on Microsoft 365 Copilot, commissioned by SURF and written by Privacy Company. As a result, Dutch educational and research institutions are advised to remain cautious in their use of Microsoft 365 Copilot, and to determine suitable use cases and carefully assess the risks in each instance.

Remain cautious when deploying Microsoft 365 Copilot

In December 2025, Microsoft shared a revised roadmap containing several feature changes for Microsoft 365 Copilot. In follow-up discussions in January and February 2026 between SURF, the Dutch central government's Strategic Vendor Management Microsoft, Google Cloud, AWS + EU CSP's (SLM MGA), and Microsoft, it was concluded that two medium risks remain insufficiently addressed.

These orange risks concern two issues.

First, Microsoft 365 Copilot automatically applies a so-called ‘Workplace Harms filter’ to input prompts as well as to generated outputs. This filter is designed to prevent the AI assistant from making judgments about employees based on their workplace behaviour, attitude, or personal characteristics. Microsoft does not disclose the cultural standards, thresholds, or contextual criteria governing the filter’s interventions, nor can organisations modify or disable the filter. Although Microsoft 365 Copilot sometimes refuses to answer, and sometimes refers to Workplace Harms, there is no neutral flag indicating that filtering has taken place, and no consistent wording about the application of RAI (Responsible AI) filtering. Consequently, users cannot determine whether the intervention was appropriate or justified.

Second, Microsoft stores certain diagnostic and telemetry data for up to 18 months. Although this data is pseudonymised, Microsoft does not adequately explain why this retention period is necessary or under what circumstances the data may be deleted earlier. This increases the risk that data could still be traced back to individuals.

Conclusion: advice unchanged

On 31 March 2026, Microsoft provided a final response regarding these two issues. This did not lead to a different assessment: both risks remain classified as orange (medium). Therefore, SURF’s advice is unchanged: Dutch educational and research institutions are advised to remain cautious in their use of Microsoft 365 Copilot, and to determine suitable use cases and carefully assess the risks for each such use case.

A new low data protection risk

In March 2026, Microsoft introduced a new data protection risk with the introduction of ‘flex routing’ for Microsoft 365 Copilot data traffic. Microsoft communicated that it would enable data transfers outside of the EU Data Boundary for new tenants, while existing customers had to check their settings. SURF verified that Microsoft had not changed the setting for EU-exclusive data processing for existing Dutch education customers. Because new Microsoft 365 education customers can disable this data transfer, this issue is added as a new, tenth low risk.

For a more comprehensive view on the assessment as well as the risks and mitigating measures, SURF refers to the DPIA report.

What does this mean for institutions? 

The DPIA on Microsoft 365 Copilot has now been concluded, following Microsoft’s final statement. As Microsoft has indicated that no further action will be taken, there are no plans for a follow-up assessment.

The Dutch educational and research institutions remain responsible for the safe use of educational and digital applications; they decide which applications their institution uses and under what conditions. If they decide to accept the two medium risks, they are strongly advised to adopt a policy for responsible AI usage.

Manage the deployment of AI 

As a cooperative, SURF supports the sector in remaining in control over the deployment of AI and encourages responsible use. By providing DPIAs and regular updates, we inform members about the opportunities and risks of AI. In our Cloud Sourcing Strategy, we take into account the need for a landscape with different providers, the dynamic geopolitical relationship with the US, and the need to avoid vulnerabilities due to vendor lock-in.

Full report available

Download the DPIA report

SURF is especially alert to processing by vendors and their associated sub-vendors that are located in the US. For more information, see the previously prepared general information document on the use of US-based vendors.