Dutch data regulator warns Windows 10 still breaches user privacy

Unlawful data collection practices found despite company changes

The Dutch data protection regulator has accused Microsoft of remotely collecting data from Windows Pro and Windows 10 Home users in what could constitute yet another breach of EU data law.

The agency was testing changes to the company's data collection policies, introduced by Microsoft last year, when it discovered that diagnostic and non-diagnostic data was still being collected.

"A follow-up check by the Dutch DPA has shown that the changes have led to concrete improvements," the DPA said in a statement supplied to IT Pro. "Microsoft has complied with the agreements made. However, the check also brought to light that Microsoft is remotely collecting other data from users. As a result, Microsoft is still potentially in breach of privacy rules."

Details of the data collection have been passed over to the Irish Data Protection Commission, the local authority to Microsoft's EU headquarters.

Advertisement - Article continues below
Advertisement - Article continues below

The Dutch authority was the first to raise concerns about Microsoft's data collection habits, concluding in 2017 that the way Windows 10 operates was in breach of its local data laws. It found that Microsoft was collecting large volumes of application usage data, such as dwell time, how the user interacted with the app, and how often they are active, as well as data that tracked what sites were visited on its Edge browser.

Microsoft eventually agreed to make changes to its policy in April 2018, a month before GDPR came into force. It's those changes that the Dutch data regulator is now questioning, only this time data laws are now standardised across the bloc and present a much tougher front for Microsoft to contend with.

Microsoft said it will continue to work with the Irish authority to address any further concerns related to data privacy.

"Microsoft is committed to protecting our customers' privacy and putting them in control of their information," a statement to TechCrunch read. "Over recent years, in close coordination with the Dutch data protection authority, we have introduced a number of new privacy features to provide clear privacy choices and easy-to-use tools for our individual and small business users of Windows 10."

"We welcome the opportunity to improve even more the tools and choices we offer to these end users."

This is not the first time Microsoft has been warned about its data policies since the introduction of GDPR. In November 2018, the Dutch data authority urged users to ditch Office 365 and Windows Enterprise after it discovered eight high-risk collection practices, including the unlawful storage of sensitive data considered sensitive under GDPR, and keeping data beyond the allowed timeframe.

Advertisement - Article continues below

Following that incident, Microsoft agreed to adapt its products to comply with Dutch laws and GDPR, and agreed to supply regular reports on its progress.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now


data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Server & storage

Broadberry CyberServe R182-Z90 review: Gigabyte’s EPYC gamble pays off handsomely

7 Jan 2020
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020