Amsterdam city council puts a test project with Microsoft Copilot on hold because of ‘high privacy risks.’ A warning to all organizations using Copilot?
The City of Amsterdam is making a striking decision: a test project with Microsoft Copilot will be temporarily halted. That decision comes after a negative analysis on Microsoft Copilot’s data security, published in December by the Strategic Supplier Management Division (SLM) of the Ministry of Justice. The report identified “high risks” around privacy and data security.
SLM puts the cause of the risks down to insufficient transparency from Microsoft about processing personal data. The use of Copilot is not necessarily discouraged, but SLM urges government organizations to take additional measures, such as training staff to work with Copilot.
Costs and benefits
Amsterdam’s city council is choosing to temporarily halt the pilot until Microsoft resolves the risks. Amsterdam is more often wary of technology, as the city council previously banned employees from using Telegram. “The identified risks mean that this technology cannot be used safely and legally within our organization at this time,” the city council said through the Dutch Association of Municipal Governments.
That same association does just encourage the use of Copilot in a government context. Organizations must weigh the risks against the benefits Copilot can offer them, it says. The Flemish government recently signed a contract for ten thousand licenses with Microsoft. So opinions about Copilot, as well as other generative AI tools, are divided.
Copilot: help or burden?
After reading this article, are you planning to cancel your Copilot subscription? No need to, but be aware that there are risks. If you use Copilot within a paid formula, Microsoft offers more protection than if you were using AI tools for free. Copilot respects permissions models within Microsoft 365 and uses encryption and monitoring to prevent unintended data exposure.
read also
Microsoft Copilot: a help or a burden?
Microsoft is bound within the EU by data and privacy laws such as the GDPR and the Data Boundary Act. That does not eliminate all concerns around storage and processing of personal data. Prompt injection and misuse of AI-generated content also pose challenges, as does integration with external applications and plug-ins.
A deliberate and controlled implementation is crucial to minimize risks. Microsoft wants to link Copilot inextricably with 365 apps, so denying access to Copilot will be futile in the long run. Set clear agreements and boundaries for what can and cannot be done and, if necessary, provide training to teach employees how to use AI tools responsibly.