Windows 10 once again facing EU GPDR investigation

[German]Microsoft has once again come into the focus of the European data protection watch guards with regard to Windows 10 privacy. The Dutch data protection authority (DPA) has accused Microsoft of remotely collecting user data of Windows 10 Home and Pro systems and thus possibly violating European Union (EU) data protection regulations (GDPR).


With its cloud and telemetry mania, Microsoft is coming under increasing fire in the EU because of the general data protection regulation (GDPR). Office 365 isn't conform to the GDPR – and Windows 10 is also facing data protection investigations. I have been blogging about this topic in since 2015. Within the last four years, Microsoft has had partly improved its data protection policy. Now there are new accusations and an investigation order has been given to the Irish data protection authority – this time for Windows 10.

Dutch data protection authority intervenes

The Dutch data protectors have been focusing on Windows 10 for some time now because of the collection of telemetry data (see the Techcrunch article from October 2017). Now I came across a Reuter article about the following tweet, which deals with the topic again.

The Dutch Data Protection Agency (DPA) alleges that Microsoft still collects remote data from users of Windows Home and Windows Pro, possibly in violation of EU data protection legislation (GDPR).

Audit reveals irregularities

This year the Dutch DPA has taken an audit on Windows 10 again, after Microsoft was asked last year to improve its data protection. The auditors have found the practices , which probably is a violation of GDPR.


"Microsoft is permitted to process personal data if consent has been given in the correct way," the watch guard writes. "We've found that Microsoft collect diagnostic and non-diagnostic data. We'd like to know if it is necessary to collect the non-diagnostic data and if users are well informed about this.

Does Microsoft collect more data than they need to (think about dataminimalization as a base principle of the GDPR). Those questions can only be answered after further examination."

Irish data protection authority contacted

The Dutch regulator informed Reuters that it had passed on its findings to its counterpart in Ireland, where Microsoft has its headquarters. The Irish Data Protection Committee (DPC) confirmed that it had received the information from the Dutch regulators last month to TechCrunch.

"Since then the DPC has been liaising with the Dutch DPA to further this matter. The DPC has had preliminary engagement with Microsoft and, with the assistance of the Dutch authority, we will shortly be engaging further with Microsoft to seek substantive responses on the concerns raised."

Techchrunch has published here an extended statement from Microsoft. This means that Microsoft is once again in the focus of data protection commissioners. This articles from Forbes also covers that issue.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *