Following a 2017 investigation by the Dutch Data Protection Authority (DPA), Microsoft made significant overhauls in its Windows 10 April 2018 Update to the way user telemetry data is collected. Though the changes included well-explained privacy settings toggles in the out -of-the-box Windows 10 setup experience, the same watchdog agency is once again raising new privacy concerns related to Windows 10.
As part of a routine follow-up to the original 2017 investigation, the Dutch DPA says in a press release that it has found “new, potentially unlawful instances of personal data processing” in Windows 10. Although the agency acknowledges Microsoft’s improved privacy protection features delivered in 2018, it still finds that Microsoft is “remotely collecting other data from users.”
It’s not clear what specific area of Windows 10 is being referred to, but newer versions of the Windows 10 operating system often collect user data for various purposes. This is typically done with explicit consent, as required by law. The Dutch DPA is calling for further investigation into the “privacy of Windows users”
Due to changes in the European Union by the General Data Protection Regulation (GDPR), it will refer its concerns to the Irish Data Protection Commission (DPC). According to Techcrunch, the DPC is already working with the DPA on the matter and “will shortly be engaging further with Microsoft to seek substantive responses on the concerns raised.”
Microsoft issued a response, saying it will work with the parties involved on this issue.
“We will work with the Irish Data Protection Commission to learn about any further questions or concerns it may have and to address any further questions and concerns as quickly as possible. Microsoft is committed to protecting our customers’ privacy and putting them in control of their information. Over recent years, in close coordination with the Dutch Data Protection Authority, we have introduced a number of new privacy features to provide clear privacy choices and easy-to-use tools for our individual and small business users of Windows 10. We welcome the opportunity to improve even more the tools and choices we offer to these end-users,” said Microsoft.
Microsoft could face up to a 4% fine of its global annual turnover if found to be in violation of the GDPR. The Dutch DPA recommends that users to pay attention to privacy settings when using Windows and installing software.
