
Microsoft’s commitment to GDPR, privacy and customers’ control of their own data - danieldk
https://blogs.microsoft.com/on-the-issues/2018/05/21/microsofts-commitment-to-gdpr-privacy-and-putting-customers-in-control-of-their-own-data/
======
setquk
Privacy: ability to opt out of all data collection.

Microsoft privacy: inability to opt out of all data collection unless you pay
for enterprise edition.

This makes a mockery of any policy.

~~~
glogla
Also ads for Candy Crush in your operating system.

Microsoft is scum. They have not changed from the 90s, they are just better at
hiding it.

~~~
Fnoord
Microsoft is reinventing itself.

You can disable those ads. You can remove apps like Skype. Manually or with an
app such as O&O Shut Up. I also use Classic Shell instead of the new start
menu.

~~~
setquk
You're missing the point.

Do you buy a car and have to peel all the advertising stickers off the
windscreen, disable the tracking devices and scrub Candy Crush off the
dashboard?

Nope.

~~~
adventured
> Do you buy a car and have to peel all the advertising stickers off the
> windscreen

Yep, something akin to that. Nearly all dealerships - whether luxury brands or
not - place some form of dealership identification / promotion on your car
when you buy it and without asking permission. That can be a sticker in the
door well, it can be an obnoxious attached badge physically on the car surface
(never happens with luxury dealerships), it can be a license plate frame, and
so on.

~~~
lozenge
Do they put them back with every servicing too?

~~~
glogla
And do they track you?

------
toomanybeersies
Here's a question I haven't seen asked or answered:

Can I now (in 4 days' time), ask Microsoft for all the data it's hoovered up
from my Windows 10 installation?

I've only seen people talking about GDPR as it applies to websites, but as far
as I'm aware, it applies to all software.

~~~
willyyr
There is an option to delete all diagnostic data collected (Windows 10 1803).
You can find it under Settings->Privacy-> Diagnostics & feedback-> Delete
diagnostic data. As others have mentioned you can access and manage it using
the portal that is linked.*

* _I work at Microsoft._

~~~
Krasnol
Would that delete the data that has already been transferred to Microsoft?

And as others mentioned: the portal is useless for people without MS account.
What about those?

~~~
willyyr
That's exactly what this option does. It deletes everything that has been
collected up until that point.

~~~
Krasnol
Thank you.

------
potench
Ok so there’s a privacy policy on this website and a standard “we use cookies”
header but where is the consent management platform that’s supposed to let me
review all the purposes and vendors used on the site so I can choose which
ones I want to give consent to and which ones I don’t? The
[https://github.com/appnexus/cmp](https://github.com/appnexus/cmp) appnexus
cmp is the only cmp I’ve found that’s open source and provides a clear
reference to what GDPR means as far as integrating the actual GDPR spec for an
euconsent signal, a UI for managing consent, and deferring cookies/data-
collection until after consent. GDPR goes into effect in 4 days and I still
haven’t seen any CMPs integrated in the wild. Has anybody?

~~~
r3bl
Here's a marvelous example I've stumbled upon yesterday:
[https://juro.com/policy.html](https://juro.com/policy.html)

The entire privacy policy is very well done (and beautifully designed, I may
add). Clear options, transparency over who gets your data, ability to use the
product without providing PII and all sorts of other goodies.

Specific quotes related to consent:

> If you have previously given consent to our processing your data you can
> freely withdraw such consent at any time. You can do this by emailing us at
> support@juro.com. If you do withdraw your consent, and if we do not have
> another legal basis for processing your information, then we will stop
> processing your personal data.

Disclaimer: I'm not affiliated with Juro nor am I their user. I just randomly
stumbled upon their privacy policy.

~~~
grabeh
It may be a good policy, but this is unrelated to the point on cookie consent
made in the parent post. In fact the Juro site uses a variety of analytics
cookies without even having a cookie banner in place, let alone any granular
system for managing cookie consent.

~~~
r3bl
Fine, here's a Dutch public broadcaster:
[https://www.npo.nl/](https://www.npo.nl/)

Upon opening it, you'll see a button labeled "Cookie-instellingen aanpassen".
Clicking on it allows you to fine tune their cookie policy. "Functional" and
"Analytics" categories can't be disabled, while the other (third-party)
cookies can.

~~~
grabeh
Thanks! Although I gotta say that they offer no options in relation to
analytics cookies which is technically in breach of the e-Privacy directive as
those cookies are not strictly necessary here. There are a few cookie
solutions that can be used here - BT.com has a decent user flow.

The new e-Privacy Regulation coming into force next year will however, as
presently drafted, provide an exception from consent for analytics programmes
that only use gathered data on a per-site basis (so excluding Google Analytics
for example).

------
trendia
I'm not convinced.

I run a Pi-Hole [0] to redirect all advertising-related queries to a black
hole. When tracking the most-blocked domains, Microsoft is at the very top
[1].

For instance, when I enter "Office" into the start menu, Microsoft immediately
sends a ping to bing.com and Microsoft's telemetry servers. That is, Microsoft
is sending all of the data entered into the start menu to Microsoft's servers,
even when using the 'Pro' version and with 'full' telemetry off.

When it was first detected that Microsoft was adding telemetry calls to all
compiled programs in Windows [2], Microsoft said it was mostly for event
debugging for programmers. Now I'm not so sure -- look at your Microsoft
account privacy settings to see that Microsoft tracks when you open
applications. (They say on the page that not all data is shown there).

Unfortunately, there is no way to opt out of this. You can "disable" full
telemetry, but you still have to opt into "Basic" telemetry, which still sends
your advertiser ID, the programs you run, and the queries you put into the
start menu. I'm concerned that Microsoft is not going to stop here. They have
a real incentive to capture as much data about you as they can -- they
currently earn about $1 billion in advertising through Bing.com search
queries. Unlike Google or especially Facebook, however, it's much more
difficult to opt out of Microsoft's tracking -- so many people depend on
Microsoft Office or other Windows programs that I can't fully switch to Linux.

I don't know how this is acceptable through GDPR. There are so many problems
with what Microsoft is doing:

1. There is no way to opt out of telemetry

2. There is no way to see all of the data that Microsoft has collected

3. Microsoft has severe lock-in because so much software is written for
Windows-only

4. Microsoft has an incentive to increase their telemetry, not decrease it.

[0] [https://pi-hole.net/](https://pi-hole.net/)

[1] [https://imgur.com/a/MbjtYJe](https://imgur.com/a/MbjtYJe)

[2]
[https://old.reddit.com/r/cpp/comments/4ibauu/visual_studio_a...](https://old.reddit.com/r/cpp/comments/4ibauu/visual_studio_adding_telemetry_function_calls_to/)

~~~
nojvek
How much I would pay for EU to make a good example of Microsoft and fine them
billions for not complying with GDPR policies.

------
a_imho
I was just wondering whether there is an automatic update to Windows disabling
(all?) telemetry, then let the user make the choice to opt in without grey UI
patterns and fud.

~~~
kartan
Yes. I got my configuration reset and needed to set up some features again.

This is an example of what you get on startup, and cannot be skipped:
[https://twitter.com/baekdal/status/996391978957987845](https://twitter.com/baekdal/status/996391978957987845)

~~~
Kim_Bruning
I keep looking for the "None" option; but I guess that's Enterprise only?

~~~
vntok
Explicit user consent is not the only way to get GDPR compliant.

------
docdeek
Smart business from Microsoft, and a gauntlet of sorts for other global tech
firms.

~~~
phs318u
Agreed. There's no reason why Microsoft - a software and hardware maker -
couldn't be more like (or even supersede) Apple in this regard - i.e. treat
the user as the customer not the product.

Further to that (without wanting to be cynical), it's probably also easier for
MS to avoid the potentially complex jurisdictional issues that GDPR raises.
One privacy code-base to rule them all.

~~~
vkou
> Agreed. There's no reason why Microsoft - a software and hardware maker -
> couldn't be more like (or even supersede) Apple in this regard - i.e. treat
> the user as the customer not the product.

Besides Apple's sky-high margins and complete control over the iPhone
ecosystem, with a vice-like grip on app developers, no reason whatsoever.

If Microsoft made $400 per Windows PC that was sold, and 30 cents on every
dollar of Windows software ever sold (and had a competitor called Froogle with
a steady 70% market share, whose business was based on user monetization),
they'd probably be less interested in monetizing their users. I'm not entirely
sure that's a world you'd want to live in, though.

~~~
Angostura
For context, Microsoft's fiscal 4th quarter, as reported last July, saw
profits of $6.5 billion, doubling year on year, largely due to strong growth
in its cloud offering.

Strong privacy offerings might cut that to - what? $6bn?

~~~
Kim_Bruning
Leveling the playing field means that people who provide good privacy options
are no longer out-false-competed in a race to the bottom.

It's entirely plausible that companies will actually see their income
increase.

------
yAnonymous
> Respecting the privacy rights of consumers everywhere

Anyone who tried to disable the Windows 10 tracking knows what a load of shit
that statement is.

