Windows 10 made Microsoft commit to a lot of firsts; it’s Microsoft’s first operating system as a service; the first to receive new features via upgrades; Windows 10 was a free upgrade, also a first.
Unfortunately, it’s also the first operating system by Microsoft that features advertisements. It also collects a lot of user data via its telemetry.
Microsoft doesn’t make obvious what data it collects from its users, and yet asks them to agree to its terms while upgrading to or installing Windows 10, and Europe isn’t a fan of that.
Article 29 Working Party
A privacy watchdog group consisting of the European Union’s 28 authorities for data protection had made clear its concerns regarding user privacy to Microsoft last year. The group – known as Article 29 Working Party – mostly focused on the lack of transparency on what data Microsoft was collecting, as well as the lack of control over said data.
Last month, Microsoft announced that it would rectify some of these issues with the upcoming Creators Update in April.
Microsoft’s solution is to simplify the diagnostic data collection levels, further explaining what data Microsoft collects from its users.
With Creators Update, users will be able to switch between basic and full data collection levels. In addition to that, Microsoft will also reduce the amount of data it collects for those on the basic level.
Microsoft also announced a web-based privacy dashboard where the company will display any data it collects, as long as Microsoft can link it back to the user’s account. It will also give users the option to clear certain parts of data, like location or browsing history.
It’s not enough
As Reuters reports, the Article 29 Working Party group is not pleased with these changes and demands more of Microsoft.
“In light of the above, which are separate to the results of ongoing inquiries at a national level, even considering the proposed changes to Windows 10, the Working Party remains concerned about the level of protection of users’ personal data,” the group said in a statement today.
The group argues that while these changes are for the better; Microsoft still hasn’t made it clear why it needs to collect this data.
“Microsoft should clearly explain what kinds of personal data are processed for what purposes. Without such information, consent cannot be informed, and therefore, not valid.”
Europe has always been strict with its privacy laws. France’s data protection commission told Microsoft to “stop collecting excessive user data” last year, while the Swiss data protection regulators launched an investigation against Microsoft all the way back in 2014.
Microsoft has worked with regulators whenever the circumstances needed cooperation; this time the company is just finding it a bit more tricky to find a compromise.