Microsoft Snooping

Windows 10 'telemetry' snoops on your data without users having any choice to say no. Surely a massive no-no under the European General Data Protection Law. This required that either the data grab is either essential or else consent has been gained. And Microsoft never asks for consent, it just grabs it anyway.

Now the Dutch Data Protection Office (DPO) is asking how Microsoft complies with GDPR. It has referred Windows 10 to the data protection authority in Ireland, where Microsoft is headquartered in Europe

The case stems from the Dutch data-protection agency's (DPA's) findings in pre-GDPR 2017. At that time, the agency found that Microsoft didn't tell Windows 10 Home and Pro users which personal data it collects and how it uses the data, and didn't give consumers a way to give specific consent.

As part of the Windows 10 April 2018 Update, Microsoft last year released new privacy tools to help explain to users why and when it was collecting telemetry data. And by April 2018, the Dutch DPA assessed that the privacy of Windows 10 users was greatly improved due to its probe, having addressed the concerns raised over earlier versions of Windows 10.

However, the Dutch DPA on Tuesday said while the changes Microsoft made last year to Windows 10 telemetry collection did comply with the agreement, the company might still be in breach of EU privacy rules. The earlier investigation brought to light that Microsoft is remotely collecting other data from users. As a result, Microsoft is still potentially in breach of privacy rules.

Ireland's DPA has confirmed it had received the Netherlands' request.

Nagware makers Microsoft have come under fire from France's National Data Protection Commission (CNIL) over Windows 10 collecting too much data about users.

CNIL has ordered Microsoft to comply with the French Data Protection Act within three months. The company has been ordered to stop collecting excessive data and tracking browsing by users without their consent .

In addition to this, the chair of CNIL has notified Microsoft that it needs to take satisfactory measures to ensure the security and confidentiality of user data . The notice comes after numerous complaints about Windows 10, and a series of investigations by French authorities which revealed a number of failings on Microsoft's part.

The CNIL particularly notes Windows 10's telemetry 'service' which gathers information about the apps users have installed and how long each is used for. The complaint is that these data are not necessary for the operation of the service .

The company is also criticized for its lack of sufficient security -- such as the four-digit PIN used to protect payment information which does not have a limit on the number of guesses that can be made. The CNIL's list of complaints does not end there. It also took exception to the activation of an advertising ID for tailored advertising without user consent, the lack of cookie blocking options, and the fact that data is being transferred out of Europe to the US.