Microsoft Windows 10 Violates Privacy Laws, Lacks Consumer Transparency Says Dutch Privacy Authority

Windows 10 Privacy Concerns
This isn't the first time that Windows 10 has come under attack from government regulators, and it probably won't be the last. Autoriteir Persoonsgegevens, the Data Protection Authority (DPA) for the Netherlands, is accusing Microsoft of violating data protection laws with the Windows 10 Home and Windows 10 Pro operating systems.

The Dutch DPA alleges that Microsoft is doing a poor job of informing customers of the type of data that it collects, and how their personal data is used by the company. The Dutch DPA goes on to state that Microsoft does not inform customers that it continuously collects personal data with regards to app usage and internet browsing behavior through the Microsoft Edge web browser (under the default configuration settings in Windows 10).

"Due to Microsoft's approach users lack control of their data," claims the DPA. "They are not informed which data are being used for what purpose, neither that based on these data, personalized advertisements and recommendations can be presented, if those users have not opted out from these default settings on installation or afterwards."

Microsoft Privacy 2

The Dutch DPA also states that while Microsoft has taken additional steps to improve transparency on its data collection in Windows 10 -- thanks to the Creators Update -- it still falls short of providing specifics that could give customers a clearer picture of how their data is being used.

"Microsoft offers users an overview of the categories of data that it collects through basic telemetry, but only informs people in a general way, with examples, about the categories of personal data it collects through full telemetry," the Dutch DPA continues. "Through this combination of purposes and the lack of transparency Microsoft cannot obtain a legal ground, such as consent, for the processing of data."

Also at issue is the fact that Microsoft uses an "opt-out" method when it comes to consent for data collection in the Windows 10 Creators Update. In other words, Microsoft's telemetry settings are set at the default level upon installation of Windows 10, and that also means that personalized advertisements and recommendations are sprinkled throughout the operating system.

Windows 10 Privacy Options General Settings

However, the Dutch DPA believes that since Microsoft doesn't explain in great detail what these settings do, customers may not be inclined to turn off these features. Most people simply click through option boxes hoping to get through to the end of the Windows 10 installation as soon as possible, and Microsoft is probably banking on this behavior to keep its preferred telemetry settings intact.

"If a person does not actively change the default settings during installation, it does not mean he or she thereby gives consent for the use of his or her personal data," adds the Dutch DPA.

For its part, Microsoft's Maris Rogers counters that "Windows collects data so that we can be responsive to your needs and interests." She also goes on to state that just as Microsoft has worked with French and Swiss data protection agencies to tweak its Windows 10 telemetry settings to comply with local ordinances, it is also willing to work with the Dutch DPA.

"We welcome the opportunity to continue to work with the Dutch DPA on their comments related to Windows 10 Home and Pro, and we will continue to cooperate with the DPA to find appropriate solutions," said Rogers. "We have also shared specific concerns with the Dutch DPA about the accuracy of some of its findings and conclusions."