Data protection regulators in the European Union, especially Germany, are very concerned about Microsoft’s collection of consumer private data through the Windows 10 operating system. This private data may contain the user’s personal information. Data is sent to Microsoft for review when users enter content, and if the user enters a number or e-mail message, it is also collected by Microsoft.
German regulators believe that Microsoft’s approach does not meet the requirements of the EU’s general data protection regulations and is not suitable for use in educational institutions such as schools and governments.
In order to comply with EU ’s general data protection regulations, Microsoft stored EU user data on servers in the EU, which complies with EU ’s data storage requirements.
Microsoft also provides solutions to the problem of collecting users’ private information through telemetry data. The German regulator and Microsoft representatives recently conducted preliminary tests.
The Bavarian State Office for Data Protection Supervision, an influential data-protection authority in Germany, announced that Windows 10 v1909 Enterprise and Education can stop sending any data after proper configuration.
Governments and educational institutions need to configure telemetry data to be secure in this release before continuing to adjust the scope of data collection using special tools provided by Microsoft.
In the laboratory, the regulatory authority finally confirmed: “Only calls to (Microsoft) servers that deliver current cryptographic certificates could not be switched off with this configuration, as these are required to ensure that a Windows 10 system can be operated securely on a daily basis (for example, when a user calls back a valid SSL root certificate). These calls can also be prevented by targeted system configurations, although such a procedure is by no means recommended for reasons of security.”
A representative of the German regulator said that the current conclusions apply only to the Windows 10 Enterprise edition, such as the Professional and Home editions, which cannot prevent data collection.
At this stage, the regulatory agency can only confirm that the blocking of data collection can be completed only after the enterprise version is properly configured, and it can be used by governments and educational institutions.
Microsoft has not released any statement so it is unclear whether the company will provide a dedicated tool to allow more users to actively set up telemetry data.
At the same time, it is not known whether Microsoft will implement the plan for markets outside the European Union, but at least at this stage, such data collection is still ongoing.