The General Data Protection Regulation (GDPR), the European Union privacy regulation scheduled for implementation next May, has led Microsoft Corp. to revise Windows 10’s privacy controls in its upcoming Creators Update.
In an April 5 blog post Terry Myerson, executive vice president of Microsoft’s Windows and Devices Group (WDG), and WDG privacy officer Marisa Rogers outlined three new ways customers will be able to control their privacy settings in the Creators Update, which is scheduled for release on April 11.
In his introduction to the post, Myerson said he was proud of his team’s work and its commitment to user privacy.
“I’m also appreciative of the great feedback we’ve received from our customers along this journey,” he wrote. “This feedback – in line with the feedback we have received from the European Union’s Article 29 Working Party and national data protection authorities that have specifically engaged us on Windows 10 – was essential for Microsoft to identify and implement improvements in our privacy practices.”
The changes will include:
- Improved privacy information, featuring short, straightforward descriptions about each privacy setting and a “Learn More” button.
- An updated privacy statement, including information about the Creators Update’s privacy enhancements.
- Additional details about the user data collected, and why, with Microsoft committed to collecting only the data that is necessary to keep your Windows 10 device secure and up to date at the lowest setting.
The default selections on the new privacy settings screen will be based on the user’s previous choices; if the user previously turned off location services, for example, they will automatically be turned off.
Customers who choose the higher setting – “Full,” rather than “Basic” – will have their diagnostic data collected in order to improve Windows 10, and to “deliver more personalized experiences for you where you choose to let us do so,” Myerson wrote, noting that the “Basic” level will collect half as much data as before.
Moreover, those who install Windows 10 for the first time will be required to choose their privacy settings before starting the program up.
“Like previous privacy statement updates, we will make this information available to you in a layered manner online, allowing you to progressively explore more information about your privacy choices with Windows 10,” Myerson wrote. “Our hope is this information will help you be more informed about the data we collect and use, enabling you to make informed choices.”
Meeting GDPR standards
According to the European Commission’s website, the GDPR applies if either an organization collecting personal data or the person whose data is being collected is based in the E.U. – which means the regulations apply to organisations outside the E.U. “if they collect or process personal data of EU residents,” though it does not apply to personal data processing for reasons related to national security or law enforcement.
Notably, the regulations state that E.U. citizens must have:
- Easy access to their own data, including information on how their data is processed, which must be made available in a clear and understandable way;
- Their information stored on portable platforms – that is, easily transferable between service providers;
- The “right to be forgotten,” with data deleted when customers no longer want their data processed and there are no legitimate grounds for retaining it;
- The right to know their data has been hacked, with companies and organisations obligated to notify the appropriate authorities of serious data breaches as soon as possible so that users can take appropriate measures.
In the April 5 blog, Microsoft’s Rogers referred to Microsoft’s commitment to privacy as a “journey,” emphasizing that the latest updates were by no means the end and that the company will share more information about Windows 10’s compliance with the GDPR in the future.
“In future updates, we will continue to refine our approach and implement your feedback about data collection and privacy controls,” she wrote. “We are committed to helping ensure you have access to even more information and can review and delete data we collect via the Microsoft privacy dashboard.”
