European and particularly German Data Protection Regulators have been having a long-running issue with Microsoft regarding the data its operating system sends back to Microsoft.
The concern is that the telemetry the OS sends back can include personal information, such as email addresses and text snippets being sent back in keyboard and auto-correct telemetry data. This has resulted in German data protection agencies announcing that Windows 10 is not GDPR-compliant and was not fit for use in schools and government work for example.
Microsoft has made efforts to be compliant with the rules, for example moving their servers into the EU, and today Microsoft scored a significant win, after the Bayerischen Landesamts für Datenschutzaufsicht — Bavarian agency for data protection, announced that Windows 10 Enterprise version 1909 (and Education) does not send back any telemetry data to Microsoft when properly configured for this purpose.
This testing was completed in December 2019 and was done in a laboratory environment with Microsoft staff in attendance. It included setting the telemetry settings to ‘security’ and using recommended Microsoft tools and settings to further adjust what data is collected. Monitoring the network the computers were placed on showed no data was being transmitted except for certificate requests (though even this could be deactivated), though the agency noted that this needed to be confirmed in a real-world setting.
The agency was not able to configure Windows 10 Pro (and Home) in a similar fashion, but this should mean that where data privacy is essential telemetry collected by Windows 10 Enterprise should no longer be an issue, saying:
Should this result in real use of Windows 10 at companies confirm then at least dealing with telemetry data in Windows 10 Enterprise (also in managed environments) does not constitute an obstacle to data protection law of this operating system.
The information is contained in a report which can be seen here.