European Union data-protection authorities aren’t satisfied with Microsoft’s recently announced changes to Windows 10 privacy settings and data collection.
Microsoft’s proposed Windows 10 privacy settings screen was enough for the Swiss data protection watchdog to drop its lawsuit over Microsoft’s collection of telemetry data.
However, a group of Europe’s 28 data-protection watchdogs, known as the Article 29 Working Party, has now said it still wants Microsoft to clarify what personal data it’s collecting and how it’s used, including its role in advertising.
“In light of the above, which are separate to the results of ongoing inquiries at a national level, even considering the proposed changes to Windows 10, the Working Party remains concerned about the level of protection of users’ personal data,” the group said in a statement to Reuters.
The French national data-protection commission CNIL last July ordered Microsoft to “stop collecting excessive data and tracking browsing by users without their consent”.
To ease those concerns, Microsoft in January launched an online privacy control dashboard and new in-built Windows 10 privacy settings with five options to switch on or off data collection covering device location, speech recognition, tailored experiences using diagnostic or telemetry data, and advertising. Each setting offers a brief description of what users can expect when the setting is on or off.
However, another diagnostics setting for Microsoft to improve its services can only be toggled between ‘Full’ and ‘Basic’, dropping a third option called ‘Enhanced’.
The Basic option will no longer collect information about app installation or usage, and stick strictly to security and reliability, with basic error reporting.
The new privacy controls will roll out in the upcoming Creators Update, expected to become generally available in April.
The EU privacy group said the new Windows 10 privacy settings still does not make it clear to what extent users will be informed about the specific data being collected, according to Reuters.
“Microsoft should clearly explain what kinds of personal data are processed for what purposes. Without such information, consent cannot be informed, and therefore, not valid,” the group said.
Read more about Microsoft and the EU
Source: SANS ISC SecNewsFeed @ February 21, 2017 at 05:15AM