Windows 10: Microsoft is violating Dutch privacy law by processing users' data using the Windows 10 operating system, the country's data protection agency said.
On Friday (today), the Dutch Data Protection Authority (DPA), Autoriteir Persoonsgegevens said Microsoft does not inform users of Windows 10 Home and Windows 10 Pro about the personal data it collects and why it does.
They also stated that the company does not allow users to give their consent to the processing of their personal data. It is not known in what ways the data is used, now and in the future.
The Privacy Authority added that Microsoft "does not explicitly inform users that it is constantly collecting personal data relating to the use of the application and its Internet browsing behavior when the default settings are used."
"It turns out that the Microsoft operating system follows every step you take on your computer."
"It results in building a profile of yourself," said Wilbert Tomesen, vice president of the regulator.
Just as with a French regulatory inquiry into Windows 10 data collection, much of the problem is that telemetry data. The system data used by Microsoft to detect and fix errors and collect information about its products can also be termed "personal data" when associated with a specific user.
The data includes information about the installed applications, how often they are used, and information about the user's behavior on the web.
The Authority stated that Microsoft offers two levels of telemetry: basic and full. At the base level, limited data are being processed to use the device, but full telemetry makes detailed data processing of apps as well as navigational behaviors through Edge and inkpad.
"The way Microsoft collects data at full telemetry level is unpredictable. Microsoft may use the collected data for various purposes that are described in a very general way. "Through this generality and lack of transparency, Microsoft cannot have a legal background without a consent to the processing of data," he said.
The Dutch DPA warned that after Microsoft promised to end its "violations", if it does not keep its promise, sanctions will be imposed on the company.
In response, Marisa Rogers, who is responsible for the protection of personal data in Windows, said that the company gives priority to compliance with the Dutch data protection law, but that it also has "specific concerns about the accuracy of certain conclusions of the Dutch DPA . ”