> We had four lawyers, three privacy experts, and two campaigners look at Microsoft's new Service Agreement, which will go into effect on 30 September, and none of our experts could tell if Microsoft [will use your data] to train its AI models.
* in the USA, I assume?
With GDPR, if it's not a defined goal then the answer is no. In the USA, I hear things of some states having a similar law now but as a blanket statement without defined region (not even country) I'm not surprised if you can't give a definitive "no".
I think what these types of contracts show is that companies at Microsoft's level don't give a sh*t about national or over-regional regulation. They will use your data, and while you're busy reading 100s of pages of mumbo-jumbo they already have their models about you in place and sell access to it on a PPC basis.
And this is especially true with GDPR. Google's revenues are still growing, the advertising companies are fine, we all just have to click a few more cookie banners nowadays.
Defeatism and cynicism are simply excuses for complacency. If you think companies like Microsoft are exploiting your data, don't just whine about it; take action. Your passivity won't stop them; stricter regulations and public pressure will. Just the other day, Microsoft decided to decouple Teams from the Office Suite in an attempt to preempt a potential antitrust penalty from the European Union. It's just one example of how a regulatory body can influence how companies conduct their business.
But nobody cares, everyone just ignores those kinds of decisions and continues to not get fined because as especially the second link shows, "its complicated". Nobody even knows which agreements with Microsoft are actually valid for which license, software and situation. At the same time, for all the office drones, Microsoft software is just "the standard" and nobody even considers switching. It is just a complete refusal to get compliant by all the public offices, let alone private companies.
The only reason Europe has successfully enacted such laws and pushed back against big tech is because it isn’t dominated by European companies. The US has no economic incentive to do the same.
* in the USA, I assume?
With GDPR, if it's not a defined goal then the answer is no. In the USA, I hear things of some states having a similar law now but as a blanket statement without defined region (not even country) I'm not surprised if you can't give a definitive "no".