The Dutch Data Protection Agency is worried about Windows 10 privacy concerns, so it asks its Irish counterpart to investigate the new aspects of Microsoft’s Windows 10 telemetry data collection, which can make Microsoft face a GDPR penalty.
Windows 10 Privacy Investigation
In 2017, the Dutch Data Protection Agency found that Microsoft did not tell Windows 10 Home and Pro users what personal data was collected and how it would be used, and did not give users specific consent, which violated local privacy laws.
However, Microsoft hasn’t received the highest fine imposed by the European Privacy Regulations in accordance with the EU’s General Data Protection Regulations (GDPR).
After repeated discussions with regulators, Microsoft made changes in April last year. However, through testing, DPA said that although Microsoft has made changes, DPA still found that Microsoft is collecting data from users remotely. And this is likely to represent Microsoft's violation of privacy rules.
The Dutch Data Protection Agency is now asking its Irish counterparts to investigate new aspects of Windows 10 telemetry data collection. If confirmed, Microsoft is likely to face a GDPR penalty because the Dutch Data Protection Agency has implemented a new agreement in the EU – penalties for violations Up to 4% of the company's annual global turnover.
The Irish Data Protection Committee (DPC) said: “The DPC has had preliminary engagement with Microsoft and, with the assistance of the Dutch authority, we will shortly be engaging further with Microsoft to seek substantive responses on the concerns raised,”
It is not known whether Microsoft violates the GDPR rule because the company can process personal data in the correct way with the user's consent, but the software manufacturer also collects diagnostic and non-diagnostic data.
Therefore, the watchdogs said that they want to perform a Windows 10 privacy investigation to figure out if it is necessary for Microsoft to collect non-diagnostic data and whether users know it, and they can only answer the question after further examination that whether Microsoft collects more data that exceeds their needs.
About this Windows 10 privacy investigation, Microsoft said that the Dutch data protection authority has made it care about the data protection concerns in the past, which are related to Windows 10, Windows 10 Home and Pro users. In order to understand and resolve any further issues or concerns that may exist with Windows 10, Microsoft will work with the Irish Data Protection Commission.
Microsoft also said that it has been committed to protecting the privacy of its customers and letting users control their own information. In addition, it has worked closely with the Dutch data protection agency to launch many new privacy features and easy-to-use tools for its individual and small business users of Windows 10.
In response, Microsoft said it has introduced new privacy controls for Windows 10, but there are still many Windows 10 users who doubt the way Microsoft collects data. Privacy activists believe that Microsoft does not obtain the user's consent in the right way, and also encourages users to agree.
In the Windows 10 entry process, Microsoft has proposed multiple requests for processing user data for a variety of reasons, including ad purposes. In addition, Microsoft uses its digital assistant technology, Cortana, to push user consent – to provide a running commentary on the settings screen, including some suggestive prompts to agree its T&Cs such as “If you don't agree, you know, no Windows!”.
Windows 10 version 1909 is available to about 10% of insiders now, which is more about testing how it releases Windows 10 than providing new features.