Windows 10's data-gathering changes don't satisfy European privacy watchdogs
European Union privacy watchdogs are still not happy with Windows 10’s gathering of data about its users, over a year after they first wrote to Microsoft to complain.
While the company has developed ways to give users more control over what data is collected, their consent to its collection cannot be valid without further explanation, according to the Article 29 Working Party, an umbrella body for the EU’s national privacy regulators.
The working party welcomed Microsoft’s introduction of five new options in Windows 10 to limit or switch off certain kinds of data processing, but said they provided insufficient information about their operation.
“It is not clear to what extent both new and existing users will be informed about the specific data that are being collected and processed under each of the functionalities,” the working party said in a letter to Microsoft’s Chief Privacy Officer Brendon Lynch and CEO Satya Nadella last week.
The letter, published on the working party’s website Monday, gently lampooned one of Microsoft’s descriptions.
“The proposed new explanation when, for example, a user switches the level of telemetry data from ‘full’ to ‘basic’ that Microsoft will collect ‘less data’ is insufficient without further explanation. Such information currently is also not available in the current version of the privacy policy,” it said.
The privacy regulators also called on Microsoft to explain what kinds of personal data are processed for what purposes.
“Without such information, consent cannot be informed, and therefore, not valid,” they wrote.
The working party first wrote to Lynch and Nadella in January 2016 calling for changes to Windows 10’s handling of personal information.
Microsoft announced its plans to change Windows 10’s privacy settings in a blog posting in January 2017, saying that they would be included in its “Creators Update.”
The working party can’t impose any penalties on Microsoft itself, but it acts as the mouthpiece for national data protection authorities across the EU and can recommend they take action. Seven authorities are investigating Windows 10’s data gathering, led by the DPA for the German state of Bavaria. The other authorities holding inquiries are France, Hungary, the Netherlands, Slovenia, Spain and the U.K.