Microsoft halves the volume of data it collects from users

Microsoft has halved the volume of data that Windows 10 collects from users, following changes to the way the operating system (OS) handles user privacy.

When users select the ‘Basic’ telemetry setting, the OS makes sure that users either opt in or out of a setting that allows an advertising ID to track web browsing in order to produce personalised adverts. Windows 10 also tightens the security of its four-digit PIN system that allows users to access Microsoft’s online services.

French authorities threatened penalties

The changes to the way Microsoft collects users’ data come in response to the threat of a fine from France’s National Data Protection Commission (CNIL). Last year, the CNIL issued a formal notice against Microsoft, stating that Windows 10 violated French data protection laws.

The CNIL’s notice made specific reference to the way the OS tracks web browsing and to its PIN system’s lack of security, but also criticised the collection of irrelevant or excessive data, the lack of an option to block cookies and the fact that data is still being transferred outside the EU on a ‘safe harbour’ basis – the agreement having been deemed invalid by the Court of Justice of the European Union in 2015.

Microsoft asked the CNIL for time to change the way Windows 10 collects data, and was initially given three months. In November 2016, the company asked for more time, and has now come good on its promise. The CNIL announced last month that Windows 10 now complies with France’s data protection laws, and as such, it is dropping its threat of a fine.

Prepare for the GDPR

Microsoft was able to adjust the way it collects users’ data in order to comply with current data protection laws, but with the EU General Data Protection Regulation (GDPR) taking effect next year, it might have to make further changes.

The GDPR introduces much stricter rules for companies processing EU residents’ personal data, and imposes tougher penalties for non-compliance. Any company found to be in breach of the Regulation can expect a fine of up to €20 million or 4% of its annual global turnover – whichever is greater.

If your organisation is currently preparing for the GDPR, or you are looking to understand and demonstrate your knowledge of it, you should take a look at IT Governance’s GDPR training courses. With a range of programmes in both classroom and distance learning formats, we are your one-stop shop for high-quality and cost-effective training solutions.
