Top Banner

Dutch regulator calls for re-investigation of Microsoft privacy practices

The Dutch Data Protection Authority (DPA) has called for the launch of a new investigation into Microsoft’s privacy practices.

The DPA recognizes that data is now being processed in different ways, some of which may be unlawful, leaving the data of Windows users in potential danger. This is vital in the fast-paced tech environment as everything is constantly changing; regulators are obliged to revise laws that are in line with new technologies.

The DPA previously launched an investigation into Microsoft back in 2017 where they found that Windows Home and Pro unlawfully processed personal data through telemetry which violated the privacy of their users. As a result, Microsoft improved the privacy for its users by making some changes to Windows.

While Microsoft complied with the agreements they previously made and although this measure led to greater improvement, the DPA found that Microsoft collected data from its remote users. This would mean that they are still violating privacy rules. The agency stated in a release that they found “new, potentially unlawful instances of personal data processing”.

Since the DPA’s investigation of Windows 10 started, the General Data Protection Regulation (GDPR) was enforced in Europe. According to the GDPR, the country in which the company’s HQ is based will be responsible for launching investigations into data privacy practices of that respective company, meaning that since Microsoft is based in Ireland, their data privacy authority, Data Protection Commission (DPC) will take charge. This is why the Dutch agency has referred to them about their latest concerns on the matter.

A spokesperson for the Irish DPC stated, “Since then the DPC has been liaising with the Dutch DPA to further this matter. The DPC has had preliminary engagement with Microsoft and, with the assistance of the Dutch authority, we will shortly be engaging further with Microsoft to seek substantive responses on the concerns raised.”

A Microsoft spokesperson commented on the matter: “Microsoft is committed to protecting our customers’ privacy and putting them in control of their information. Over recent years, in close coordination with the Dutch data protection authority, we have introduced a number of new privacy features to provide clear privacy choices and easy-to-use tools for our individual and small business users of Windows 10. We welcome the opportunity to improve even more the tools and choices we offer these end users.”

The DPA has advised Windows 10 users to pay attention to the privacy settings.

“Microsoft is permitted to process personal data if consent has been given in the correct way. We’ve found that Microsoft collect diagnostic and non-diagnostic data. We’d like to know if it is necessary to collect the non-diagnostic data and if users are well-informed about this,” said a DPA spokesperson.