Dutch DPA: Microsoft breaches data protection law with Windows 10


The Dutch data protection authority has found that Microsoft's Windows 10 operating system breaches Dutch law by processing personal data of the system's users without informing them clearly about what type of data the company uses and for what purpose. In addition, users cannot give valid consent because the company does not clearly inform them that under the default settings it collects personal usage data through its Edge web browser. The result is to rob users of control over both their data and the personalised ads and recommendations the company presents them with as a result. Failure to change default settings during installation is not equivalent to giving consent for the use of personal data.

More than 4 million devices use Windows 10 Home and Pro in the Netherlands, each of which continuously collects technical "telemetry" - that is, performance and user - data. This includes which apps are installed and how often they are used, as well as web surfing data. 


Related learning resources