Microsoft Windows Security: Breach of Privacy

News Agency Amsterdam revealed that Microsoft is remotely collecting data from users of Windows Home and Windows Pro without their consent and has potentially breach Privacy rules made by the Dutch Data Protection Agency.

The Dutch Data Protection Agency found out data-collecting practices when it was going through scrutiny of privacy protection changes in Windows run last year.

They also said that the company could end up facing an EU’s General Data Protection Regulation (GDPR) inquiry after the Netherlands ‘data breach’.

Microsoft has always managed to somehow dodge enormous fines imposed on it by the European Data Protection Board but this time it is a little complicated.

Microsoft sells target oriented ads against search results. Multiple users complained about how their data is safe in the cloud. Microsoft have never gone through a tough level of scrutiny for years, but this time Microsoft may have to stand before the Congressmen.

Microsoft has basically adapted and learned how to tackle and handle the regulators in a subtle way. That’s a probable reason why Microsoft doesn’t have to appear before the Congressmen. Microsoft’s got shrewd minds to tackle all this and they already have long-standing relationships through Policy Makers.

To know more, check out what the Dutch D.P.A says and how Microsoft has responded to that.

How did Dutch D.P.A react to the issue? 

The Dutch Data Protection Agency (DPA ) investigated Microsoft in pre-GDPR 2017. They found out that Microsoft didn’t bother to inform Windows 10 users of both Pro and Home, which personal data it gathers and how they use the data and moreover they didn’t make anyway for customers to bring up issues related to that.

Later they informed that “Microsoft has complied with the data privacy agreement made between them”, but there is more to this.

The Dutch Data Protection Agency also revealed that “Microsoft is remotely collecting User’s other data without letting them know”, and this also violates the privacy rules set by the European Unions GDPR. 

Dutch DPA on the Month of July requested Ireland’s Data Protection Agency to look into the case and this has to be the plan because this is the place where most US tech giants have established Non-US headquarters, including Microsoft.

Ireland DPA later confirmed via Tech Crunch that they accept Netherland’s request to look into the privacy breach case.

The Irish Data Protection Committee says ” that it has engaged with Microsoft in the past but that didn’t really help, so this time with the help of Dutch Authority they will be engaging and interacting further with Microsoft and ask for the reason behind this breach of Rules of European Data Privacy Board.

Microsoft Compliance with the Dutch Data Protection Agency

After the scrutiny and inquiry with Microsoft, it came up with a new Windows 10 update on 2018, April 10th. This update now helps understand users that when and why are the telemetric data being collected. After the update, the Dutch Data Protection Agency audited the new release and checked the privacy model. It turned out to be good for them at first.

The Dutch DPA acknowledged that Microsoft has brought several changes in the new Windows 10 update and complied with Windows 10 telemetry data collection, but they remain unsuccessful to comply with the European Union’s privacy rules and found out several breaches have been made.

Microsoft is taking massive actions prior to these changes and have changed their entire operation method and are trying to change the privacy framework for better transparency with users. They confirmed they will now handle privacy issues from Software Standpoint, Legal Standpoint, and Computer Interaction Standpoint.

A spokesperson of Microsoft even said that they are totally dedicated to protecting the privacy of its users and had already changed privacy features fro small businesses and individuals for the users of Windows 10.

The Dutch Data Protection Agency also notified that a single breach potentially could penalize Mircosoft to GDPR fines up to 4 percent of the organization’s global revenue and that is a lot.

The Dutch DPA told news channels that Microsoft has to abide by the agreements made, but they are still remotely collecting other data from users without letting them know about it.

Back in 2016, Microsoft was asked by France to immediately stop tracking Windows 10 user’s data.

An Microsoft official said, that they will take additional steps to make it easier for customers to find out what info Microsoft is collecting from Windows 10 users and provide them with more control over data sharing. They also added” that they will let Users pick between the basic and full level of data gathering.

Wrapping things Up

This brings us to the end of how the Dutch regulator sees potential privacy breach in Microsoft Windows and how have Microsoft responded to that. If you want to know about your data collection by Microsoft, you can directly go to the official page of Microsoft and find out Microsoft Privacy Statement and go through it. Microsoft is now focussing on how to keep data collection minimal and how to maintain absolute transparency and privacy with the Users.