Windows 10: Issues Regarding Processing User Data


by Cristina Olesti y Daniel Urbán.

Last Monday, the Article 29 Working Party—composed of representatives of the national data protection authorities of the EU Member States, the European Data Protection Supervisor and the European Commission— again expressed its concern about how personal data is processed by Windows 10. The commission considers that the program does not offer sufficient protection guarantees for users. In particular, it complains that Microsoft does not explain clearly which data is processed and for which purpose, and questions whether the consent given by users to process their personal data is valid.

This announcement is in addition to the meetings held between the Article 29 Working Party and Microsoft, where the lack of control and supervision over how the company processes the data its collects from its users was highlighted. Based on these meetings, some national authorities have taken measures against Microsoft, such as the French authority (CNIL) which has required Microsoft to set limits regarding obtaining personal data to comply with French law.

Based on the above, Microsoft has agreed to update Windows 10 during 2017 to include improvements in security and user privacy.

This is not the only case relating to managing personal information and data that the European Union has focused on. As we mentioned in previous entries on this blog, the EU has investigated companies such as Facebook, WhatsApp and Google at national and European level.