The city of Hanover blew €324,000 on Microsoft 365 Education licenses they can't use because they signed the wrong privacy agreement. Reddit sysadmins react.
What's up, fellow code monkeys and sysadmins? What's your absolute worst nightmare at work? Dropping the production DB? Pushing untested code on a Friday afternoon? Nah. Try blowing a third of a million bucks on software licenses you literally cannot use. Grab your coffee, because the local government of Hanover, Germany, just delivered a masterclass in bureaucratic failure.
So here's the tea: The city of Hanover dropped €324,000 on 60,000 Microsoft 365 Education licenses intended for their schools in 2025. Sounds like a solid move to prep kids for the corporate grind, right? Well, plot twist: They can't use a single one of them because they violate youth data protection laws.
How does that even happen? Someone fumbled the paperwork big time. Instead of signing the specific Data Processing Agreement (DPA) required for educational environments, they blindly signed the standard corporate one.
But wait, it gets better. No Data Protection Officer reviewed this before they clicked "Buy." They only did a Data Protection Impact Assessment (DPIA) after the cash left the bank. If they had done it beforehand, they would've known they needed the stricter DPA.
Now, the whole rollout is delayed indefinitely. They have to do a proper DPIA, pick the right DPA, and reportedly, re-purchase the licenses on the correct legal basis. Yes, you heard that right. Burning money!
While the original news article subtly tries to deflect some blame onto Microsoft, the r/sysadmin folks on Reddit are having absolutely none of it. The community is split into a few hilarious camps:
The "Gov IT is a Joke" Camp: Most users are just astounded by the sheer incompetence. "Just kinda amazing you can spend a third of a million dollars without knowing what you're doing," one user noted. The blame lies squarely on the local government's lack of due diligence.
The "Microsoft Would Fix This" Camp: Veteran sysadmins are calling BS on the "must repurchase" claim. Microsoft isn't usually evil enough to double-charge for a backend paperwork error. The consensus? They probably bought through a lazy middleman (MSP) who doesn't want to deal with the legwork to fix the agreement. It's a signature issue, not a literal license issue.
The Math Geeks: One sharp user did the math and exposed a darker truth. €324k for 60k licenses over a 1-year term is dirt cheap (€0.45/user/month). But by the time Hanover wades through the local government red tape to re-do their DPIA and DPA, the 1-year license term will likely expire anyway. So yeah, technically, they will have to buy them again because time ran out!
We're just watching from the sidelines with our popcorn, but there's a serious survival lesson here for us techies in the trenches.
First, compliance isn't just a corporate buzzword. When it comes to GDPR and kids' data, you do not play the "move fast and break things" game. You do the paperwork first, or you don't do it at all.
Second, don't let management force you into making massive purchases without legal or compliance sign-off. In many schools and SMBs, the lone IT guy (or even a random teacher) gets tasked with buying software. When audits happen and things hit the fan, guess who gets thrown under the bus?
Bottom line: If there's a big budget involved, always get it in writing. "Hey boss, can you review and approve this?" Let the suits take the fall. Stay safe out there, nerds!
Source: Reddit
