Dutch DPA says Windows 10 breaches privacy laws
Telemetry is deemed too intrusiveBy Greg Synek 10 comments
According to the Dutch data protection authority, Windows 10 is in violation of local privacy laws concerning the use of automated data collection. Since the release of Windows 10, metadata has been transmitted to Microsoft using the built in telemetry feature with no clear option to completely opt out of all information sharing.
The Dutch DPA asserts that users are not well informed that their use of Edge browser and other apps is being logged and shared. DPA Vice-Chairman Wilbert Tomesen expresses that it is difficult for users to know the extent of personal data being shared creating "an intrusive profile" of individuals using the operating system.
Currently there are two options for telemetry data in Windows 10. Basic telemetry shares only very basic statistics on usage and is unlikely to contain any personally identifiable information. Full telemetry is considered highly intrusive by many and collects detailed app usage reports in addition to web browsing behaviors within Edge. Inkpad document contents can also be collected when full telemetry is enabled.
Although collection of data is a generally unpopular practice from a consumer standpoint, Microsoft does have valid uses and benefits from collecting extensive metadata. Finding and correcting errors as well as determining which features are most used helps improve the operating system. For users that have not opted out of personalized recommendations, Microsoft can display targeted advertising in the start menu, Edge, and other apps.
As a resolution to the matter, the DPA proposes that Microsoft clarify the extent and use of all data being collected. Displaying a brief description on installation pages is not detailed enough for a compliance endorsement by the DPA. A request has been made to change the default setting from full telemetry to force users to choose a setting for themselves.