Windows 10: Microsoft is violating Dutch privacy law by processing users' data using the Windows 10 operating system, the country's data protection agency said.
On Friday (today), the Dutch Data Protection Authority (DPA), Autoriteir Persoonsgegevens said Microsoft does not inform users of Windows 10 Home and Windows 10 Pro about the personal data it collects and why it does.
They also stated that the company does not allow users to give their consent to the processing of their personal data. It is not known in what ways the data is used, now and in the future.
The Privacy Authority added that Microsoft "does not explicitly inform users that it is constantly collecting personal data relating to the use of the application and its Internet browsing behavior when the default settings are used."
"It turns out that the Microsoft operating system follows every step you take on your computer."
"It results in building a profile of yourself," said Wilbert Tomesen, vice president of the regulator.
As was the case with an investigation by the French regulator into Windows 10 data collection, a large part of the problem is that telemetry data. System data that Microsoft uses to diagnose and fix errors and collect information about products can also be characterized as "personal data" when they are linked to a specific user.
The data includes information about the installed applications, how often they are used, and information about the user's behavior on the web.
The Authority stated that Microsoft offers two telemetry levels: basic and full. At the basic level, limited data is processed for the use of the device, but with full telemetry, detailed data is processed regarding the use of applications as well as navigation behaviors through Edge and also through the inkpad.
"The way Microsoft collects data at full telemetry level is unpredictable. Microsoft may use the collected data for various purposes that are described in a very general way. "Through this generality and lack of transparency, Microsoft cannot have a legal background without a consent to the processing of data," he said.
The Dutch DPA warned that after Microsoft promised to end its "violations", if it does not keep its promise, sanctions will be imposed on the company.
In response, Marisa Rogers, who is responsible for the protection of personal data at Windows, said that the company gives priority in complying with Dutch data protection law, but that it also has “specific concerns about the accuracy of some of the conclusions of the Dutch DPA.”