E.U. regulations behind Microsoft’s new Windows 10 privacy controls

The General Data Protection Regulation (GDPR), the European Union privacy regulation scheduled for implementation next May, has led Microsoft Corp. to revise Windows 10’s privacy controls in its upcoming Creators Update.

In an April 5 blog post Terry Myerson, executive vice president of Microsoft’s Windows and Devices Group (WDG), and WDG privacy officer Marisa Rogers outlined three new ways customers will be able to control their privacy settings in the Creators Update, which is scheduled for release on April 11.

In his introduction to the post, Myerson said he was proud of his team’s work and its commitment to user privacy.

“I’m also appreciative of the great feedback we’ve received from our customers along this journey,” he wrote. “This feedback – in line with the feedback we have received from the European Union’s Article 29 Working Party and national data protection authorities that have specifically engaged us on Windows 10 – was essential for Microsoft to identify and implement improvements in our privacy practices.”

The changes will include:

  1. Improved privacy information, featuring short, straightforward descriptions about each privacy setting and a “Learn More” button.
  2. An updated privacy statement, including information about the Creators Update’s privacy enhancements.
  3. Additional details about the user data collected, and why, with Microsoft committed to collecting only the data that is necessary to keep your Windows 10 device secure and up to date at the lowest setting.

The default selections on the new privacy settings screen will be based on the user’s previous choices; if the user previously turned off location services, for example, they will automatically be turned off.

Creators Update privacy settings with all data collection features on and diagnostics set to “Full.” Courtesy Microsoft (Click for a larger version).
Creators Update privacy settings with all data collection features off and diagnostics set to “Basic.” Courtesy Microsoft (Click for a larger version).

Customers who choose the higher setting – “Full,” rather than “Basic” – will have their diagnostic data collected in order to improve Windows 10, and to “deliver more personalized experiences for you where you choose to let us do so,” Myerson wrote, noting that the “Basic” level will collect half as much data as before.

Moreover, those who install Windows 10 for the first time will be required to choose their privacy settings before starting the program up.

The recommended settings that Microsoft believes “will provide you with the richest experience and enable important Windows 10 features to operate most effectively.” Courtesy Microsoft (Click for a larger version).
The same screen with all toggles set to “Off” and diagnostics to “Basic.” Courtesy Microsoft (Click for a larger version).

“Like previous privacy statement updates, we will make this information available to you in a layered manner online, allowing you to progressively explore more information about your privacy choices with Windows 10,” Myerson wrote. “Our hope is this information will help you be more informed about the data we collect and use, enabling you to make informed choices.”

Meeting GDPR standards

According to the European Commission’s website, the GDPR applies if either an organization collecting personal data or the person whose data is being collected is based in the E.U. – which means the regulations apply to organisations outside the E.U. “if they collect or process personal data of EU residents,” though it does not apply to personal data processing for reasons related to national security or law enforcement.

Notably, the regulations state that E.U. citizens must have:

  • Easy access to their own data, including information on how their data is processed, which must be made available in a clear and understandable way;
  • Their information stored on portable platforms – that is, easily transferable between service providers;
  • The “right to be forgotten,” with data deleted when customers no longer want their data processed and there are no legitimate grounds for retaining it;
  • The right to know their data has been hacked, with companies and organisations obligated to notify the appropriate authorities of serious data breaches as soon as possible so that users can take appropriate measures.

In the April 5 blog, Microsoft’s Rogers referred to Microsoft’s commitment to privacy as a “journey,” emphasizing that the latest updates were by no means the end and that the company will share more information about Windows 10’s compliance with the GDPR in the future.

“In future updates, we will continue to refine our approach and implement your feedback about data collection and privacy controls,” she wrote. “We are committed to helping ensure you have access to even more information and can review and delete data we collect via the Microsoft privacy dashboard.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Eric Emin Wood
Eric Emin Wood
Former editor of ITBusiness.ca turned consultant with public relations firm Porter Novelli. When not writing for the tech industry enjoys photography, movies, travelling, the Oxford comma, and will talk your ear off about animation if you give him an opening.

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.