Dutch Agency: Windows 10 Violates User Privacy

Updated, 8/29/19, 6:55 a.m. PT: The Irish Data Protection Commission responded to our request for comment with the following statement. "The data protection concerns regarding Microsoft Windows were communicated to the Irish Data Protection Commission (DPC) by the Dutch Data Protection Authority in July. Since then the DPC has been liaising with the Dutch DPA to further this matter. The DPC has had preliminary engagement with Microsoft and, with the assistance of the Dutch authority, we will shortly be engaging further with Microsoft to seek substantive responses on the concerns raised." The commission didn't offer further details about what exactly the DPA was concerned about or how the investigation will proceed.

Updated, 8/28/19, 12:57 p.m. PT: Microsoft responded to our request for comment; the company's statement can be found below.

Original article, 8/28/19, 10:32 a.m. PT: 

Microsoft's attempts to appease European Union regulators have fallen short. The Dutch Data Protection Agency (DPA) announced yesterday that it asked the Irish Data Protection Commission (DPC) to investigate "new, potentially unlawful, instances of personal data processing" in Windows 10.

The DPA originally complained about Windows 10's data collection in 2017. Microsoft responded by improving the operating system's privacy with the Windows 10 April 2018 Update, but in doing so it also introduced "new processing of personal data that might be unlawful," as the DPA put it. (The agency's announcement was only published in Dutch; an English translation was not available at time of writing.) So it wants the DPC to investigate.

Dutch regulators can't investigate these claims themselves because Microsoft, like many U.S. tech companies looking to enjoy low tax rates, headquartered its European business in Ireland. Call it the luck of the Irish: now the DPC must serve as a go-between for the DPA and Microsoft. TechCrunch reported yesterday that the DPC confirmed the DPA's announcement and said it's had "preliminary engagement with Microsoft."

Neither the DPA nor the DPC has elaborated on how Microsoft's updates to Windows 10 allegedly introduced new privacy violations. The DPA only said in its announcement that it "advises users of Windows to pay close attention to privacy settings when installing and using this software" because "Microsoft may process personal data at the moment that permission has been requested for this in the correct manner." (Per Google Translate.)

We've reached out to the DPC and Microsoft for more information about the DPA's complaints. Microsoft responded with the following statement:

“The Dutch data protection authority has in the past brought data protection concerns to our attention, which related to the consumer versions of Windows 10, Windows 10 Home and Pro. We will work with the Irish Data Protection Commission to learn about any further questions or concerns it may have, and to address any further questions and concerns as quickly as possible. [...] Microsoft is committed to protecting our customers’ privacy and putting them in control of their information. Over recent years, in close coordination with the Dutch data protection authority, we have introduced a number of new privacy features to provide clear privacy choices and easy-to-use tools for our individual and small business users of Windows 10. We welcome the opportunity to improve even more the tools and choices we offer to these end users.”

Windows 10 has suffered numerous privacy issues since its debut, which is why we advise people to make sure every privacy-related setting is set to "off" when they set up a new PC. Whether the DPC's investigation results in changes to Windows 10 or its defaults remains to be seen.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • The Net Avenger
    "Windows 10 has suffered numerous privacy issues since its debut, which is why we advise people to make sure every privacy-related setting is set to "off" when they set up a new PC. Whether the DPC's investigation results in changes to Windows 10 or its default remains to be seen."

    Seriously? If you have an Android phone, stop now, and smack yourself in the head. If you have an iPhone, stop now, and smack yourself in the head. If you use ChromeOS, stop now, and smack yourself in the head. If you use OS X, stop now, and smack yourself in the head.

    Every SINGLE one of these platforms conveys and shares more user privacy data than Windows 10, before Microsoft gave users more control.

    Go look at the headlines, and goofs that were made in exaggerating Windows 10's telemetry.

    For example, a headline like: "Windows 10 scans your PC to see what software you have installed."

    So does iOS, so does Android, so does OS X, so does ChromeOS, and the kicker - so do MOST LINUX distributions. They ALL must see what software and libraries you have when checking for software application updates - and this includes *nix repositories.

    The reason this was new or seemed different, was the Windows/Microsoft Store didn't exist in XP or Vista or 7, and there was very little 3rd party software lookup outside of security in previous versions.

    How about the headlines about "Ink and Voice data" - The first problem with these stories, is they seem to think this is new to Windows 10. Yet, just as with Windows XP Tablet PC Edition, Vista, and 7 - Ink and Voice were shared in the same way with the same amount of data. These were and always have been optional, and only 'asked of the user' if they are using a Pen/Touch/Voice interface device. Which is why most Windows 7 users never noticed. And as you might expect, iOS, OSX, Android, ChromeOS all collect voice and ink and onscreen keyboard usage to improve how they work - JUST LIKE WINDOWS 10.

    Another fun headline about Windows 10 is about crash reporting telemetry. Windows XP shipped with crash reporting telemetry, just as OS X, iOS, Android, and even several Linux distributions. This wasn't new in Windows 10, and like all these other items, is not specific to Windows. The Vista/7 PCA layers of technologies were also designed from those 'crash reports' from XP, and this is how Windows 7/8/10 can correct and self correct bad memory, CPU instructions, API calls from 3rd party software, and why Windows 7 seemed magically crash resistant compared to XP.

    Sure, let's stop giving away or allowing any company access to our data. What I find shocking, is the tech industry, fueled by Google, going after Microsoft. The ONLY major tech company that pushes for more user privacy and user protections, and has fought Google and ATT and Comcast in courts for user privacy.

    So ya, all telemetry could be bad, but the one company that isn't selling it, is the one we see articles like this and governments going after. FFS.


    Finally...

    Microsoft makes virtually ZERO off of user data, advertising, and doesn't even allow their own ML/AI teams to touch user data for training.


    Google's primary existence is to collect user data, and create more 'free stuff' to suck up more user data. Google also makes money directly and indirectly from this data. For example, they will use GDrive/GDoc data to train their ML/AI technologies. User data is also fully accessible and able to be queried by Google to look for trends and other data analysis that Microsoft doesn't do. Google's parent company Alphabet, also has sub corporations that broker Google's users' data to other data broker companies that is then sold to insurance companies and other businesses.

    Why this matters... Ever wonder why your home insurance went up? Did you happen to mention something in a Gmail to a friend about a potential problem with your home? Did your risk insurance go up? Did you happen to mention you seldom cook at home? This last one seems unrelated, but insurance companies have found data correlations about your personal habits, and are now scoring your insurance for life/health/risk based on things you do that seem irrelevant.
  • HexusCloudy
    The things you have just said aren't true though are they? Obviously. It's not clickbait mainstream news that has created this reputation for Windows, it is accepted in cybersec and for good reason. It's all proven.
  • USAFRet
    What he says is mostly correct.
    Google, Apple, Amazon, your cell phone...all at least as intrusive as Microsoft.
  • HexusCloudy
    Google certainly, and they get their criticism. Linux, not even close. Apple are reasonable.
    Amazon are bad but have nowhere near as much access to data.

    Google is probably worse, other than Amazon the rest are saints in comparison.
    Definitely not "at least as intrusive as Microsoft"

    Regarding this -
    "Microsoft makes virtually ZERO off of user data, advertising, and doesn't even allow their own ML/AI teams to touch user data for training"

    Within the last 2 weeks it has been reported that Microsoft contractors have been listening to Skype and Cortana audio recordings. Microsoft collects the data and contractors review it.
    Rather than being a positive thing that they aren't full Microsoft employees, it's actually worse.

    "'The fact that I can even share some of this with you shows how lax things are in terms of protecting user data,' a Microsoft contractor who provided the cache of files to Motherboard said."

    From Microsoft themselves - "Microsoft collects voice data to provide and improve voice-enabled services like search, voice commands, dictation or translation services."
  • The Net Avenger
    Um, one thing...

    The Cortana data used is random clips that have zero association with any user. This is not user data, even though in theory a user could mention something in the clip that would identify them.

    The point being, you will find your content from GDrive being used by Google, you will NOT find OneDrive being used by Microsoft.

    This is a big difference between Microsoft and Google, and not something that should be conflated or misunderstood and so easily be dismissed.
  • chickenballs
    yeah forcing all the bloatware through UWP should be illegal
    I hope EU will give them another ~800 million dollar fine
    https://en.wikipedia.org/wiki/Microsoft_Corp._v._Commission