Microsoft's Windows 10 reportedly breaches data protection laws in the Netherlands

In what appears to be an ongoing discussion between software giant Microsoft and Dutch privacy watchdog, the Netherlands Data Protection Authority (DPA) over how Windows 10 collects user data, there is now a possibility that Microsoft could change the way it collects data for everyone.

The Microsoft logo. Reuters.

The Microsoft logo. Reuters.

While the discussions are still on, there seems to be a possibility that Microsoft would not tweak it privacy policy in the Netherlands, but make bigger changes to the way it collects 'telemetry data' globally in the coming Fall Creators Update.

What the DPA is referring to in its report, is not just the details of the data is being collected, but how Microsoft did not inform users about the type of data it uses, and for what purpose it uses the same. Part of the official statement on the DPA website reads, "The company does not clearly inform users that it continuously collects personal data about the usage of apps and web surfing behaviour though its web browser Edge, when the default settings are used."

The Dutch authority claims that Microsoft needs to obtain valid consent.

"Microsoft needs to obtain valid consent from users to process their personal data. Therefore, people must be well informed and need to know precisely to what they say yes. This is not the case. The information that Microsoft provides in the installation screen of the Creators Update about the different choices for data processing, falls short.  It is not made sufficiently clear that at the full telemetry level, Microsoft continuously collects data about the usage of apps and web surfing behaviour through Edge, including for example news articles that have been read and locations entered into apps.

Through the chosen approach Microsoft also does not obtain unambiguous consent. Microsoft uses opt-out options. On installation the telemetry level is set to full by default and the user is asked to accept the offered settings. Also, it is switched on by default that Microsoft may use the telemetry data to show personalised advertisements and recommendations in Windows and Edge, and that app developers may show personalised ads  in apps. If  a person does not actively change the default settings during installation, it does not mean he or she thereby gives consent for the use of his or her personal data." reads the official statement by the Dutch Data Protection Authority (DPA) .

Microsoft has however, taken its own stand, claiming that Windows 10 is already compliant under Dutch law.

"This year we have released a new privacy dashboard and several new privacy features to provide clear choices to our customers and easy-to-use tools in Windows 10. Next week, we have even more privacy improvements coming in the Fall Creators Update.

We welcome the opportunity to continue to work with the Dutch DPA on their comments related to Windows 10 Home and Pro, and we will continue to cooperate with the DPA to find appropriate solutions." reads the statement by Marisa Rogers, Windows and Devices group privacy officer.

The Netherlands are host to over 4 million active devices that run the Windows 10 Home and Pro software.


Published Date: Oct 17, 2017 08:17 am | Updated Date: Oct 17, 2017 08:17 am