Having already asked Microsoft to make modifications to Windows, the Dutch data protection agency (DPA) called for an investigation by the Irish Data Protection Commission (DPC), Microsoft’s lead EU privacy regulator.
The Dutch claim to have found “new, potentially unlawful, instances of personal data processing” although it is not saying what.
To be fair the agency said that Vole had complied with the agreements made so far but its checks also brought to light that Microsoft is remotely collecting other data from users. As a result, Microsoft is still potentially in breach of privacy rules.
“Microsoft is permitted to process personal data if consent has been given in the correct way. We’ve found that Microsoft collect diagnostic and non-diagnostic data. We’d like to know if it is necessary to collect the non-diagnostic data and if users are well informed about this”, the DPA said,
Because Microsoft has European headquarters in Ireland, the Irish Data Protection Commission was asked last month to get involved. The DPC will now be engaging with Microsoft to see if any violations have occurred.
Microsoft said that it will work with the Irish Data Protection Commission to learn about any further questions or concerns it may have, and to address any further questions and concerns as quickly as possible.
The company added: “Microsoft is committed to protecting our customers’ privacy and putting them in control of their information. Over recent years, in close coordination with the Dutch data protection authority, we have introduced a number of new privacy features to provide clear privacy choices and easy-to-use tools for our individual and small business users of Windows 10. We welcome the opportunity to improve even more the tools and choices we offer to these end users”.