What’s going on? In 2017, the Dutch data protection agency concluded that Microsoft’s Windows 10 operating system breaches local privacy law on account of its collection of telemetry metadata. Telemetry metadata is essentially the remote collection of specific sets or groupings of your data. According to the Dutch DPA:
- “Microsoft does not clearly inform users about the type of data it uses, and for which purpose.
- Also, people cannot provide valid consent for the processing of their personal data, because of the approach used by Microsoft.
- The company does not clearly inform users that it continuously collects personal data about the usage of apps and web surfing behaviour through its web browser Edge, when the default settings are used.”
Microsoft’s Reaction: After working with the Dutch regulators, in April of 2017 Microsoft made changes to how Windows 10 operated regarding personal data and privacy. Unfortunately, according to the same Dutch DPA, there are “new, potentially unlawful, instances of personal data processing”.
Why we’re still concerned: Microsoft still has the ability to collect and store all data if your consent is given in the correct way. Microsoft has made it so that when setting up your new laptop or computer that you are somewhat pushed into the direction of releasing your personal data to Microsoft to collect. Even their AI technology named “Cortana” helps push you at times into agreeing to Microsoft’s terms and conditions without properly reading through.
Takeaway: Microsoft states that they collect all of this diagnostic and nondiagnostic data to enhance and improve the consumers use of their product and to improve the performance of the product itself. It will be important to keep an eye on the DPA / DPC’s response for window users so we understand how much data and for what purpose is being tracked. We’ll keep you updated as we learn more…