• Kyrgizion@lemmy.world
    1 day ago

    No, the AI advised me to contact my direct superior and his superior, but mentioned their names.

    I have never provided it with this information, so that means it has a lot more access to our information than is officially known. Technically we aren’t even supposed to input anything that could possibly be identifying, again for GDPR purposes, so I have no idea where Copilot got the information from.

    I assume that MS lets companies tailor their instance of Copilot to a certain degree and maybe it was fed an organigram of the entire company, but AFAIK this is already not allowed under current legislation. Or maybe it is and I’m just a modern luddite.

    Regardless, I’ll be even more careful about what I use Copilot for from this point forward.

    • floquant@lemmy.dbzer0.com
      1 day ago

      Probably from the Microsoft 365/Teams/Outlook/whatever profile which can include who’s your manager, or potentially from Outlook emails. From what I can tell, Microsoft’s been trying hard to shove Copilot in any of their systems, like AAD/Entra.

      My company has recently migrated their emails to it and as an admin I was very surprised that you can just read any email in full in any mailbox from “regular” functionality like email trace or antispam. I have no idea how that’s GDPR compliant - in my other jobs we were using Google Workspace which only shows metadata because of that, and accessing another person’s mailbox by other means (e.g. resetting the password on an ex-employee account) was a huge no-no.

      • Elvith Ma'for@feddit.org
        1 day ago

        […] in my other jobs we were using Google Workspace which only shows metadata because of that[…]

        Rare moment when Google is mentioned as behaving GDPR compliant… I mean, I know that big tech is vacuuming up all data and doesn’t care about GDPR, but still… You can be worse than effing Google?

    • webghost0101@sopuli.xyz
      1 day ago

      Did you pay for Copilot yourself or did your job provide you with a license?

      The enterprise tier of Copilot is supposed to have access to such data, though it can be managed through internal policies.

      Ask it to summarize your latest emails in Outlook/Teams messages. If it has access to those (and this is intended) then it’s a near certainty it’s also set up to know who is who in the organization.

      Allegedly, the data is “safe” because enterprise use is supposedly not harvested and used for training… which makes me conclude non-enterprise use absolutely is.

      Allegedly because that’s what Microsoft claims and on paper it looks legal. But these tech companies never seem to actually follow the law to such a degree that any claims that unmistakably seem to fit within the legal framework automatically are sus to me.