Windows 10 privacy issues persist, says EU privacy watchdog

In a carefully worded letter, the EU's top privacy watchdog group reminded Microsoft to address Windows 10 privacy issues related to the handling and processing of personal information, even after Microsoft's responses to a previous warning.

EU's Article 29 Data Protection Working Party (WP29) includes representatives from the data protection authorities of each EU member state, and is tasked with advising on data protection.

In the letter addressed to Microsoft's Brendon Lynch, chief privacy officer, and Satya Nadella, CEO, the Working Party expressed concerns over Windows 10 privacy issues including "default installation settings and an apparent lack of control for a user to prevent collection or further processing of data, as well as concerns about the scope of data that are being collected and further processed."

WP29 raised issue with Microsoft's new express installation screen, pointing out that Microsoft's changes may not give those users enough information to give valid consent, despite requiring users to choose from five different options for limiting data collection.

In response to the first warning letter sent from WP29 in January, Microsoft announced a web-based privacy dashboard to give users greater control over their privacy settings, as well as a retooling of the Windows 10 privacy setup, which included simplified diagnostic data levels and a reduction in data collected at the basic level in Windows 10.

"The proposed new explanation when, for example, a user switches the level of telemetry data from 'full' to 'basic' that Microsoft will collect 'less data' is insufficient without further explanation. Such information currently is also not available in the current version of the privacy policy," WP29 wrote in its letter on Windows 10 privacy issues.

The Working Party also pointed out that Microsoft should more clearly explain why it is collecting data from users, as well as clarify the scope of personal data required to allow Windows 10 to operate.

Microsoft responded to the letter with a prepared statement: "We are listening carefully to comments from members of the Article 29 Working Party and we will continue to cooperate with the Working Party and national data protection agencies. Our January announcement of changes coming to the Windows 10 privacy settings reflect[s] our commitment to the protection of our users' personal data."

The letter was sent out the same day Microsoft announced its commitment for all of its cloud services to be compliant with the new General Data Protection Regulation for protecting personal information, which is set to begin enforcement in May 2018.