Microsoft is once again under a regulatory spotlight in Europe, this time with authorities in the Netherlands. The company is accused by the Dutch data protection authority (DPA) of breaching laws over the way it processes personal data of Windows 10 users.
The Dutch DPA, Autoriteir Persoongegevens said on Friday Microsoft is failing to tell Windows 10 Home and Pro customers which data the platform collects. Regulators also claim the company muddies the process of giving users proper ways to validate consent for personal data collection.
In its statement, the watchdog said Windows 10 “does not clearly inform users that it continuously collects personal data about the usage of apps and web surfing behaviour through its web browser Edge, when the default settings are used”.
“It turns out that Microsoft's operating system follows about every step you take on your computer. That results in an intrusive profile of yourself,” says Wilbert Tomesen, the DPA vice-chairman. “What does that mean? Do people know about this, do they want this? Microsoft needs to give users a fair opportunity to decide about this themselves.”
Data information Microsoft collects about users includes app use and installations, and browser behaviour. The Autoriteir Persoongegevens says Windows 10 comes with basic and full telemetry. The basic level gathers data about device use, but the full telemetry contains more personal data as mentioned above.
Microsoft does provide a basic overview of data collection categories, but does not offer in-depth information for consumers.
“The way Microsoft collects data at the full telemetry level is unpredictable. Microsoft can use the collected data for the various purposes, described in a very general way. Through this combination of purposes and the lack of transparency Microsoft cannot obtain a legal ground, such as consent, for the processing of data,” it said.
Microsoft vs. Europe
In fact, that should be the tech industry vs. Europe. Nations in the EU and the European Commission (the continent's regulatory body) have taken a dim view of what they see as companies defying regulations.
Microsoft has not escaped the wrath of the Commission. Just recently, the company was reported by Kaspersky Lab because of the way Windows 10 handles third-party anti-virus software. In that case, Microsoft made the necessary changes, so Kaspersky dropped the case.
In Switzerland, Microsoft was forced to change data protection policies in Windows 10 to avoid court action from regulators in the country.