Windows 10: Microsoft is violating Dutch privacy law by processing users' data using the Windows 10 operating system, the country's data protection agency said.
On Friday (today), the Dutch Data Protection Authority (DPA), Autoriteir Persoonsgegevens said Microsoft does not inform users of Windows 10 Home and Windows 10 Pro about the personal data it collects and why it does.
They also reported that the company does not allow users to consent to the processing of their personal data. It is not known in what ways the data is used, now and in the future.
The Privacy Authority added that Microsoft "does not explicitly inform users that it is constantly collecting personal data relating to the use of the application and its Internet browsing behavior when the default settings are used."
"It turns out that the Microsoft operating system follows every step you take on your computer."
"It results in building a profile of yourself," said Wilbert Tomesen, vice president of the regulator.
Just as it happened with an investigation by the French regulatory authority on the data collection of Windows 10, a big part of the problem is that the data telemetrys. The system data that Microsoft uses to diagnose and fix errors and to collect information about its products can also be classified as “personal data” when it is linked to a specific user.
The data includes information about the installed applications, how often they are used, and information about the user's behavior on the web.
The Authority stated that Microsoft offers two levels of telemetry: basic and full. At the base level, limited data are being processed to use the device, but full telemetry makes detailed data processing of apps as well as navigational behaviors through Edge and inkpad.
"The way Microsoft collects data at full telemetry level is unpredictable. Microsoft may use the collected data for various purposes that are described in a very general way. "Through this generality and lack of transparency, Microsoft cannot have a legal background without a consent to the processing of data," he said.
The Dutch DPA warned that after Microsoft promised to end its "violations", if it does not keep its promise, sanctions will be imposed on the company.
In response, Marisa Rogers, who is responsible for the protection of personal data in Windows, said that the company gives priority to compliance with the Dutch data protection law, but that it also has "specific concerns about the accuracy of certain conclusions of the Dutch DPA . ”
