EU Data-Privacy Regulator Raises Concerns About Windows 10
By Matt Day. Updated February 22, 2017.
The European Union's data-protection watchdog says it still has concerns about the information Microsoft is collecting from users of its Windows 10 operating system.
The EU regulator sent Microsoft a letter a year ago raising concerns that the operating system didn't give users enough information or control over what data was being scooped up and sent to the Redmond company's servers.
Microsoft subsequently introduced an expanded settings menu that gives people installing the software more information on data privacy, but the EU's Article 29 Working Party said last week that the changes don't include enough disclosures to customers.
The group "remains concerned about the level of protection of users' personal data," Isabel Falque-Pierrotin, chair of the working party, said in a letter sent to Microsoft CEO Satya Nadella and company privacy czar Brendon Lynch. The regulator disclosed the letter Tuesday.
It is not clear, Falque-Pierrotin said, to what extent users will be informed about specific data Windows 10 collects. And the new settings leave much to be desired in their specificity, she said.
A Microsoft setting gives users the option to toggle from "full" telemetry data collection to a "basic" level, Falque-Pierrotin wrote. Microsoft's explanation to users says that means the company will collect "less data," without further explanation.
"Microsoft should clearly explain what kinds of personal data are processed for what purposes," the letter said. "Without such information, consent cannot be informed, and therefore, not valid."
In a statement Tuesday, Microsoft said it was listening carefully to comments from the EU and "will continue to cooperate with the Working Party and national data-protection agencies."
The statement said Microsoft's views on protection of user data in Windows 10 were contained in a blog post published in January by Microsoft Windows and Devices chief Terry Myerson. Myerson, outlining coming changes to the operating system's data-notification settings, said the company strives to "make choices easy to understand while also providing clear visibility and control over your data."
It's unclear if Myerson's post, published more than a month before the latest EU letter, was meant to respond as well to the concerns the Working Party relayed last week.
Privacy concerns have dogged Microsoft since the launch of its latest personal computer operating system in 2015.
The software by default sends to the company system settings and application usage data, which Microsoft says is made anonymous by removing identifying information.
Separately, personal data like records of the common words customers type into text messages, or the information people give the Cortana digital assistant, is also gathered.
The company says it does not go through email and other correspondence for the purpose of trying to target advertising to users.
In addition to the EU's interest, at least seven European countries, including Germany, the U.K. and France, have started investigating the operating system, Falque-Pierrotin's letter said. The German state of Bavaria is coordinating collaboration between the separate probes.