Windows 10 breaches privacy, say Dutch regulators

The data protection authority has urged Microsoft to either disable telemetry by default or require users to opt in upon installation

The Dutch Data Protection Authority (DPA) has alleged Microsoft is breaching the country's data protection laws because it processes personal data of the country's citizens without clearly stating what it does with the information.

The DPA investigated how Microsoft collects and processes information on Windows 10 Home and Pro versions, saying the company fails to state what data it collects and how it uses it, and doesn't offer users the opportunity to give consent.

Microsoft collects data from users browsing the internet on its Edge browser, including information about the apps in use and which pages they are visiting if the user doesn't turn these off manually. The DPA argues that Microsoft should disable the tracking of such information by default rather than requiring users to turn it off via the settings 

"It turns out that Microsoft's operating system follows about every step you take on your computer. That results in an intrusive profile of yourself," according to Wilbert Tomesen, vice-chairman of the Dutch DPA. "What does that mean? Do people know about this, do they want this? Microsoft needs to give users a fair opportunity to decide about this themselves."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The DPA said there are four million devices actively using Windows 10 in the Netherlands, collecting telemetry data that the company claims is used to improve its products and services. However, it's also used to offer personalised advertising experiences and recommendations to Windows 10 users, which the company said is against its regulations.

"The way Microsoft collects data at the full telemetry level is unpredictable," Microsoft explained in a note on its website. "Microsoft can use the collected data for the various purposes, described in a very general way. Through this combination of purposes and the lack of transparency Microsoft cannot obtain a legal ground, such as consent, for the processing of data."

The DPA said Microsoft must change its policies to ask users whether they wish to opt in or out to telemetry upon installation in future.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Most Popular

Visit/business-strategy/public-sector/354608/uk-gov-launches-ps300000-sen-edtech-initiative
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020