European Union data protection watchdogs are still not happy about the privacy settings in Windows 10, even after Microsoft responded to criticisms in January over the way it collects data.
The main concerns are over Windows 10’s default installation settings and users’ apparent lack of control over the company’s processing of their data, Reuters reports.
The watchdog behind the concerns is the Article 29 Working Party, which is comprised of the EU’s 28 authorities in charge of protecting data and is the group responsible for the soon-to-be-enforced General Data Protection Regulation (GDPR).
Changes not enough
Microsoft proposed changes to its installation screen earlier this year, which would present users with five options to limit or switch off the processing of their data. It would include new privacy options and a set-up process with clearer options for disabling location, speech recognition, diagnostics, recommendations and relevant ads.
The Article 29 Working Party believes it still doesn’t provide users with enough information, though. In a statement the group said: “Microsoft should clearly explain what kinds of personal data are being processed for what purposes. Without such information, consent cannot be informed, and therefore, [it cannot be] valid”.
‘Microsoft vs. Everybody’
Microsoft has been entangled with lawmakers in one way or another for most of its history. The technology company has received dozens of fines from US and European governments, while it has itself filed four separate lawsuits against the US government over users’ personal data protection.
There has been no response from Microsoft to these latest concerns, but a number of national authorities have begun enquiries into Windows 10, Reuters claims. This includes France’s data protection commission, which last July ordered Microsoft to “stop collecting excessive user data”.
Get to know the GDPR
The way Microsoft collects data will soon have to change. On 25 May 2018, the GDPR will be enforced, unifying data protection requirements across EU member states. Companies will need to comply with the requirements or they could face fines of up to 4% of annual global turnover or €20 million, whichever is greater.
Although Microsoft is based in the US, it will still be affected as the Regulation applies to any organisation that processes personal information of EU residents.
For those trying to get to grips with the new law, the EU GPPR – A Pocket Guide is the perfect introduction to the principles of data privacy and the GDPR. It is now available in the following languages: