Microsoft’s Windows 10 and Office telemetry has been found to be in violation of General Data Protection Regulation by Dutch regulators, reports the Telegraph.
The complaint centres around the normal software monitoring of users of Word, Excel, PowerPoint and Outlook which Microsoft says it is collecting for functional and security purposes. The data was found to include sentences from Microsoft Word or lines of emails if its automated systems detected certain actions, like using a spell-checker.
The Dutch Ministry of Justice was however not satisfied, noting in a report that analysis of the data showed the data collected included email subject lines, saying: “Data provided by and about users was being gathered through Windows 10 Enterprise and Microsoft Office and stored in a database in the US in a way that posed major risks to users’ privacy.”
Privacy Company, who conducted the investigation on behalf of the Dutch government, said Microsoft engaged in “large-scale and secret processing of data”.
Microsoft has made efforts to come into compliance before, by moving its data collection back to Europe and the company agreed in October to undertake an improvement plan for its services.
“Microsoft has committed to submitting these changes for verification in April 2019,” the Regulator said, threatening enforcement measures if there is no progress. Companies can be fined as much as 4% of their annual revenue for major breaches.
A Microsoft spokesman said: “We are committed to our customers’ privacy, putting them in control of their data and ensuring that Office ProPlus and other Microsoft products and services comply with GDPR and other applicable laws. We appreciate the opportunity to discuss our diagnostic data handling practices in Office ProPlus with the Dutch Ministry of Justice and look forward to a successful resolution of any concerns.”
Thanks, John for the tip.