DPA’s investigate Microsoft Windows 10
The data protection authorities (DPA’s) of Bavaria (Germany), France, the Netherlands, Hungary, Slovenia, Spain and UK have initiated detailed inquiries into the processing of personal data processed via Windows 10 by Microsoft. The DPA’s have concerns, even considering the proposed changes to Windows 10, about the protection of users’ personal data.
The DPA’s sent a letter to Microsoft and told Microsoft they appreciate the company’s recent announcement of future improvement of the installation process, to offer users more control over the ways the company is collecting and processing their data. The authorities however also expressed their concerns about the default installation settings and an apparent lack of control for a user to prevent collection and further processing of data, as well as concerns about the scope of data that are being collected and further processed.
The DPA’s recalled that user consent can only be valid if fully informed, freely given and specific.
Additionally, the authorities emphasized that the purposes for which Microsoft collects personal data have to be specified, explicit and legitimate, and the data may not be further processed in a way incompatible with those purposes. Microsoft processes data collected through Windows 10 for different purposes, including personalised advertising. Microsoft should clearly explain what kinds of personal data are processed for what purposes. Without such information, consent cannot be informed, and therefore, not valid.