Irish Data Protection Commission launches probe into Microsoft

28 Aug 2019

Windows 10. Image: ifeelstock/Depositphotos

The Dutch Data Protection Agency referred the case to Ireland’s DPC as it is Microsoft’s lead privacy regulator in the EU.

Ireland’s Data Protection Commission (DPC) has been asked to investigate ongoing concerns over how Microsoft’s Windows 10 system gathers user data.

On Tuesday (27 August), the Dutch Data Protection Agency (DPA) claimed that Microsoft could potentially be breaching data rules by collecting the data of Windows Home and Windows Pro users.

Microsoft was previously found to be in breach of Dutch privacy laws in 2017, as a result of how the company collected telemetry metadata.

In response, Microsoft made changes to how the software operates, but while testing those changes, the DPA found “new, potentially unlawful, instances of personal data processing”, the agency said in a press release.

The DPA said: “Microsoft is permitted to process personal data if consent has been given in the correct way. We’ve found that Microsoft collects diagnostic and non-diagnostic data. We’d like to know if it is necessary to collect the non-diagnostic data and if users are well informed about this.”

DPC response

According to Reuters, the DPA forwarded its findings to the DPC last month for further investigation, as the authority is Microsoft’s lead EU privacy regulator with the company’s regional headquarters located in Ireland.

The DPC told Reuters: “The DPC has had preliminary engagement with Microsoft and, with the assistance of the Dutch authority, we will shortly be engaging further with Microsoft to seek substantive responses on the concerns raised.”

In response, Microsoft said: “We will work with the Irish Data Protection Commission to learn about any further questions or concerns it may have, and to address any further questions and concerns as quickly as possible.

“Microsoft is committed to protecting our customers’ privacy and putting them in control of their information. Over recent years, in close coordination with the Dutch data protection authority, we have introduced a number of new privacy features to provide clear privacy choices and easy-to-use tools for our individual and small business users of Windows 10. We welcome the opportunity to improve even more the tools and choices we offer to these users.”

Since GDPR came into effect in May 2018, Ireland’s DPC has opened investigations into at least 19 tech multinationals, including Facebook, Instagram and WhatsApp.

Windows 10. Image: ifeelstock/Depositphotos

Kelly Earley was a journalist with Silicon Republic

editorial@siliconrepublic.com