Microsoft Windows 10 Violates Privacy Laws, Lacks Consumer Transparency Says Dutch Privacy Authority
The Dutch DPA alleges that Microsoft is doing a poor job of informing customers of the type of data that it collects, and how their personal data is used by the company. The Dutch DPA goes on to state that Microsoft does not inform customers that it continuously collects personal data with regards to app usage and internet browsing behavior through the Microsoft Edge web browser (under the default configuration settings in Windows 10).
"Due to Microsoft's approach users lack control of their data," claims the DPA. "They are not informed which data are being used for what purpose, neither that based on these data, personalized advertisements and recommendations can be presented, if those users have not opted out from these default settings on installation or afterwards."
The Dutch DPA also states that while Microsoft has taken additional steps to improve transparency on its data collection in Windows 10 -- thanks to the Creators Update -- it still falls short of providing specifics that could give customers a clearer picture of how their data is being used.
"Microsoft offers users an overview of the categories of data that it collects through basic telemetry, but only informs people in a general way, with examples, about the categories of personal data it collects through full telemetry," the Dutch DPA continues. "Through this combination of purposes and the lack of transparency Microsoft cannot obtain a legal ground, such as consent, for the processing of data."
Also at issue is the fact that Microsoft uses an "opt-out" method when it comes to consent for data collection in the Windows 10 Creators Update. In other words, Microsoft's telemetry settings are set at the default level upon installation of Windows 10, and that also means that personalized advertisements and recommendations are sprinkled throughout the operating system.
However, the Dutch DPA believes that since Microsoft doesn't explain in great detail what these settings do, customers may not be inclined to turn off these features. Most people simply click through option boxes hoping to get through to the end of the Windows 10 installation as soon as possible, and Microsoft is probably banking on this behavior to keep its preferred telemetry settings intact.
"If a person does not actively change the default settings during installation, it does not mean he or she thereby gives consent for the use of his or her personal data," adds the Dutch DPA.
For its part, Microsoft's Maris Rogers counters that "Windows collects data so that we can be responsive to your needs and interests." She also goes on to state that just as Microsoft has worked with French and Swiss data protection agencies to tweak its Windows 10 telemetry settings to comply with local ordinances, it is also willing to work with the Dutch DPA.
"We welcome the opportunity to continue to work with the Dutch DPA on their comments related to Windows 10 Home and Pro, and we will continue to cooperate with the DPA to find appropriate solutions," said Rogers. "We have also shared specific concerns with the Dutch DPA about the accuracy of some of its findings and conclusions."