Dutch Regulators catch Windows 10 breaching GDPR

Reading time icon 3 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Two years in the offing and GDPR is still being breached. It will come as no surprise to many that a big, American tech company is in trouble for breaking General Data Protection Regulation (GDPR). It seems that Microsoft has been playing ‘hide the data‘ with respect to GDPR, according to Privacy Company (yes, really), the company that discovered the breaches.

Microsoft’s Windows 10 breaching GDPR

Of course, it is fair to say that there have been many breaches. However, many of them were leading up to GDPR when companies were panicking a bit.

I particularly like the tweets sent out just before GDPR about companies sending out mass emails about how much they respect privacy, and then CCing everyone in the email (rather than BCCing). Oh you couldn’t make it up.

However, companies cocking things up before and during the implementation of GDPR and Microsoft ignoring it six months after its implementation is another thing.

It’s not voluntary, you know

Microsoft will no doubt cry foul, pointing out that it has made concrete efforts to abide by GDPR, such as moving its data center back to Europe. It will also say that the data it was collecting was only the normal data it collects to help improve its Windows 10 (and Microsoft Office) programs.

I think the Dutch regulators will need more convincing. They said, “Data provided by and about users was being gathered through Windows 10 Enterprise and Microsoft Office and stored in a database in the US in a way that posed major risks to users’ privacy.” And Privacy Company, sounding even more damning, stated that Microsoft practised the, “large-scale and secret processing of data”.

Five largest fines handed out by EU

As it stands, things don’t look good for Microsoft, and I have a funny feeling that the EU is going to look at this as yet another American company thinking it doesn’t need to take EU regulations seriously. Which is strange considering recent fines would suggest that this would be an extremely reckless stance.

EU fines as of July 18, 2018

  1. Google — fined $5 billion in 2018
  2. Google — fined $2.7 billion in 2017
  3. Intel — fined $1.45 billion in 2009
  4. Qualcomm — fined $1.2 billion in 2018
  5. Microsoft — fined $794 million in 2004

Now, I realize that these companies are mega-rich, but even a company like Google must baulk at the idea of having to cough up $5 billion bucks to the EU. If you want more of the juicy details, head over to Business Insider.

Microsoft did release a statement to TNW saying:

We are committed to our customers’ privacy, putting them in control of their data and ensuring that Office ProPlus and other Microsoft products and services comply with GDPR and other applicable laws. We appreciate the opportunity to discuss our diagnostic data handling practices in Office ProPlus with the Dutch Ministry of Justice and look forward to a successful resolution of any concerns.

I’m predicting the ‘successful’ resolution will cost Microsoft millions. Mind you, considering all the data it has captured, maybe it will be worth it.


More about the topics: windows 10 news, Windows 10 Privacy Guides