Dutch data regulator warns Windows 10 still breaches user privacy

Unlawful data collection practices found despite company changes

The Dutch data protection regulator has accused Microsoft of remotely collecting data from Windows Pro and Windows 10 Home users in what could constitute yet another breach of EU data law.

The agency was testing changes to the company's data collection policies, introduced by Microsoft last year, when it discovered that diagnostic and non-diagnostic data was still being collected.

"A follow-up check by the Dutch DPA has shown that the changes have led to concrete improvements," the DPA said in a statement supplied to IT Pro. "Microsoft has complied with the agreements made. However, the check also brought to light that Microsoft is remotely collecting other data from users. As a result, Microsoft is still potentially in breach of privacy rules."

Details of the data collection have been passed over to the Irish Data Protection Commission, the local authority to Microsoft's EU headquarters.

Advertisement - Article continues below
Advertisement - Article continues below

The Dutch authority was the first to raise concerns about Microsoft's data collection habits, concluding in 2017 that the way Windows 10 operates was in breach of its local data laws. It found that Microsoft was collecting large volumes of application usage data, such as dwell time, how the user interacted with the app, and how often they are active, as well as data that tracked what sites were visited on its Edge browser.

Microsoft eventually agreed to make changes to its policy in April 2018, a month before GDPR came into force. It's those changes that the Dutch data regulator is now questioning, only this time data laws are now standardised across the bloc and present a much tougher front for Microsoft to contend with.

Microsoft said it will continue to work with the Irish authority to address any further concerns related to data privacy.

"Microsoft is committed to protecting our customers' privacy and putting them in control of their information," a statement to TechCrunch read. "Over recent years, in close coordination with the Dutch data protection authority, we have introduced a number of new privacy features to provide clear privacy choices and easy-to-use tools for our individual and small business users of Windows 10."

"We welcome the opportunity to improve even more the tools and choices we offer to these end users."

This is not the first time Microsoft has been warned about its data policies since the introduction of GDPR. In November 2018, the Dutch data authority urged users to ditch Office 365 and Windows Enterprise after it discovered eight high-risk collection practices, including the unlawful storage of sensitive data considered sensitive under GDPR, and keeping data beyond the allowed timeframe.

Advertisement - Article continues below

Following that incident, Microsoft agreed to adapt its products to comply with Dutch laws and GDPR, and agreed to supply regular reports on its progress.

Featured Resources

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

6 ways your business could suffer if you don’t backup Office 365

Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for good

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now

8 digital best practices for IT professionals

Don't leave anything to chance when going digital

Download now


data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular


How to use Chromecast without Wi-Fi

5 Feb 2020
artificial intelligence (AI)

AI identifies 11 earth-bound asteroids

18 Feb 2020
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020

The top ten password-cracking techniques used by hackers

10 Feb 2020