Microsoft’s Windows 10 operating system has long been a target for privacy advocates and government regulators, and even as the desktop OS has already become more than four years old. The Dutch Data Protection Agency (DPA) has asked the Irish Data Protection Commision (DPC) to investigate concerns over Windows 10’s telemetry metadata collection.
As a recap, the DPA initially investigated Microsoft back in 2017 over its data collection methods, later saying that it was in violation of local privacy laws. The company has worked with the agency, however new concerns were raised in a followup investigation of the changes with the agency calling what it found as “new, potentially unlawful, instances of personal data processing.”
As such, the agency has requested the DPC, Microsoft European privacy regulator in enforcing the country’s General Data Protection Regulation (GDPR), to investigate the matter. A spokeswoman for the DPC confirmed the DPA’s request to TechCrunch, explaining that:
“Since then the DPC has been liaising with the Dutch DPA to further this matter. The DPC has had preliminary engagement with Microsoft and, with the assistance of the Dutch authority, we will shortly be engaging further with Microsoft to seek substantive responses on the concerns raised.”
Microsoft explained in a statement also provided to TechCrunch that it will continue to comply with the DPC, saying:
“The Dutch data protection authority has in the past brought data protection concerns to our attention, which related to the consumer versions of Windows 10, Windows 10 Home and Pro. We will work with the Irish Data Protection Commission to learn about any further questions or concerns it may have, and to address any further questions and concerns as quickly as possible.
“Microsoft is committed to protecting our customers’ privacy and putting them in control of their information. Over recent years, in close coordination with the Dutch data protection authority, we have introduced a number of new privacy features to provide clear privacy choices and easy-to-use tools for our individual and small business users of Windows 10. We welcome the opportunity to improve even more the tools and choices we offer to these end users.”
If Microsoft is found in violation of the GDPR regulations, it could potentially face penalties of up to 4% of its annual global turnover. In the meantime, the DPA recommends users to pay close attention to their privacy settings. It further explained:
“Microsoft is permitted to process personal data if consent has been given in the correct way. We’ve found that Microsoft collect diagnostic and non-diagnostic data. We’d like to know if it is necessary to collect the non-diagnostic data and if users are well informed about this.
“Does Microsoft collect more data than they need to (think about dataminimalization as a base principle of the GDPR). Those questions can only be answered after further examination.”
What do you think about the privacy settings of Windows 10? Do you have concerns of your own that you’d like to share? Let us know in the comments.
Further reading: data privacy, GDPR, Microsoft, Windows 10