
Dutch Data Protection Authority: Microsoft breaches law with Windows 10 - danieldk
https://autoriteitpersoonsgegevens.nl/en/news/dutch-dpa-microsoft-breaches-data-protection-law-windows-10
======
chrisper
> Microsoft has indicated that it wants to end all violations. If this is not
> the case, the Dutch DPA can decide to impose a sanction on Microsoft.

These big companies always get away with a Warning. So if I were Microsoft,
then why would I not have done it this way? They can now just say "It was nice
while it lasted." But that's about it.

Another point I have is that if you join the Insiders Program you have to
submit your "typing data" (whatever that is). I understand that some data is
required if I join the program (since I am then a tester, so some debugging
data is okay). But some of the data should not always be submitted
automatically, even if I am a tester. Data such as my typing data and full
memory dumps.

~~~
Cthulhu_
> These big companies always get away with a Warning.

[https://www.cnbc.com/2017/06/27/the-largest-fines-dished-out...](https://www.cnbc.com/2017/06/27/the-largest-fines-dished-out-by-the-eu-commission-facebook-google.html)
- over 1.5 billion in fines, they were
made to release versions without a media player, they were made to offer a
browser selection window.

~~~
kagamine
Yeah, but when I was driving 12km/h over the limit I got a huge fine right
there and then. I wasn't told to drive under the limit up the road while the
police reviewed my behavior. I think that's what OP means, one rule for
megacorps, another for the rest of us.

edit: My question is that when you have a company that has a track record, why
do government contracts and private enterprise keep begging on the same street
corner, instead of looking for work elsewhere, that is to say, why do they
keep going back to Windows and not invest elsewhere as investment would lead
to an acceptable (to them) enterprise Linux (Red Hat++ exists!)

~~~
maccard
That’s not true - plenty of people/places will stop you, and tell you not to
speed, and then send you out a ticket in the mail. It’s also a totally
different situation - if you were under investigation for X crime (but not
proven guilty yet) you’re allowed to (mostly) go about your business while you
wait for the investigation to conclude

~~~
fapjacks
Only if the crime is relatively minor. How bad of a crime is using dragnet
surveillance to create activity logs and dossiers of millions of people, then
using that to profit financially, but also (very probably) providing those
dossiers and activity logs to foreign governments' intelligence services?

------
giancarlostoro
I wish Microsoft would keep moving their recently changed reputation forward
(at least with some people they seem to be doing good by building open source
tools) by being clearer about their data collection and allowing more controls
over it, as well as more controls over Windows Update, seems after the
Creators Edition I lost control over my Windows Updates (namely I remember
being able to pick dates for running updates, now I only get the option to
pick the hours that I'm allowing them to update) I'm switching to Ubuntu and
running Windows in a VM as a result, at least then I only lose what's on
Visual Studio.

~~~
bjpbakker
> by building open source tools

While MS is working on some open source tools (Typescript is one example I can
think of), they seem to have no problem violating licenses with their Windows
tools (to only release code when they have no other choice) [0] [1].

> clearer about their data collection

Please remind me why an OS that you paid good money for (>$100) needs to
collect your personal data and usage at all? :)

[0] -
[https://www.osnews.com/story/21882/Microsoft_s_Linux_Kernel_...](https://www.osnews.com/story/21882/Microsoft_s_Linux_Kernel_Code_Drop_Result_of_GPL_Violation)

[1] -
[http://www.zdnet.com/article/microsoft-admits-its-gpl-violat...](http://www.zdnet.com/article/microsoft-admits-its-gpl-violation-will-reissue-windows-7-tool-under-open-source-license/)

(edit: formatting)

~~~
CurtHagenlocher
You do realize that those links are from 2009, right? Regardless of anything
else good or bad the company has done, the relationship between Microsoft and
Open Source couldn't be more different today than it was then.

Disclosure: employee since 2008

~~~
bjpbakker
Yes these are old links. However, I haven't seen any change in MS's behavior
regarding Open Source since.

More recently they built an emulator for running Linux binaries (Bash), which
again is closed source [0].

> relationship between Microsoft and Open Source couldn't be more different
> today than it was then

Please mention some examples of this?

[0] -
[https://github.com/Microsoft/BashOnWindows/issues/178](https://github.com/Microsoft/BashOnWindows/issues/178)

~~~
CurtHagenlocher
By "more different" I mean the internal culture -- not necessarily the
externally facing part. Ten years ago I was working on IronPython and
IronRuby, open source reimplementations of other open source projects. Even
though the originals are under a very permissive license, we weren't allowed
to go anywhere near their source. Because of company policy, where external OS
was essentially treated as radioactive, there was a vacuum around both process
and engineering knowledge.

Today, the company has a lot of standardized procedures and tools around the
consumption of external open source -- and, in fact, actively encourages it.
Along with that comes awareness of appropriate and not appropriate usage. In
the nine-year-old example you give, that's obviously not an appropriate usage.

I'm not sure what your point is about the reimplementation of the Linux kernel
API inside Windows. Most large software companies build some amount of closed
source software. I don't know what decisions might lead to this being opened
or not opened, but there are very few people who'd argue that a company should
publish or make available all of their source code.

~~~
bjpbakker
> Today, the company has a lot of standardized procedures and tools around the
> consumption of external open source

That MS consumes open source for their own good comes not at all unexpected to
me. However, consuming is not contributing. I believe you made the point that
MS now contributes to the OSS community. I may have misunderstood.

> I'm not sure what your point is about the reimplementation of the Linux
> kernel API inside Windows. Most large software companies build some amount
> of closed source software

Most companies don't clone FOSS but build on top of it instead. Also most
companies are pretty open about using OSS (crediting the projects and their
source code). I haven't seen a single written line from MS crediting GNU and
the Linux community for their work. They only credit MS and their own people.
(Some recent examples: [0] [1])

[0] -
[https://blogs.msdn.microsoft.com/wsl/2016/07/08/bash-on-ubun...](https://blogs.msdn.microsoft.com/wsl/2016/07/08/bash-on-ubuntu-on-windows-10-anniversary-update/)

[1] -
[https://blogs.technet.microsoft.com/heyscriptingguy/2016/09/...](https://blogs.technet.microsoft.com/heyscriptingguy/2016/09/28/part-1-install-bash-on-windows-10-omi-cim-server-and-dsc-for-linux/)

------
Maarten88
I wonder what makes Windows worse than Android. Android seems to get consent
in an equally unclear way (i.e. location tracking), collect much more personal
data because phones are carried everywhere, and runs on many more devices in
the Netherlands than Windows 10.

Is Android going to be the next target, please?

~~~
notzorbo3
Android's location tracking is a feature and I believe is not turned on
automatically. Most of Windows 10's data collection serves no obvious purpose
and is on by default. It's also 4 screens full of toggles that make you go "uh
what?!"

But I wouldn't mind if they went after android for the purpose of making it
clearer what's being tracked and gathered.

~~~
RobertoG
"Android's location tracking is a feature and I believe is not turned on
automatically."

It's not but they insist that you do in an unclear way every time you open
google maps.

~~~
hadrien01
And when you disable location while it's in GPS-only mode and re-enable it, it
defaults to the send-everything-to-Google mode.

------
miggol
The Dutch law for the protection of personal information (wet bescherming
persoonsgegevens) on which these conclusions are based, is basically just an
implementation of an EU-wide directive. So if the WBP authority can agree that
this breaks the law, this could climb up the ladder and result in another huge
EU fine for Microsoft. I wonder if and how MS will respond or react to this
release.

~~~
amigoingtodie
Probably Windows 10.1

~~~
marindez
Or an N version again.

~~~
zokier
Yes, I'm thinking this will at most result in yet another N version that nobody
will buy and will have 0 practical impact.

~~~
vetinari
Nobody will buy it, because it will be unobtanium, just like the N version
was.

~~~
zaroth
I thought it was easy to obtain, but nobody actually wanted it!

~~~
vetinari
Have you ever tried to obtain it? Have you ever seen it as an OEM version
bundled with computers, or just a box?

The only time I've seen it was on the MSDN download page. Nowhere else.

"Nobody wanted it" was a dishonest statement. It was not available -> nobody
bought it -> so nobody "wanted" it.

~~~
zaroth
Listed right there next to the other editions in Stores which are required to
sell it....

[https://www.microsoft.com/en-cy/store/collections/windows](https://www.microsoft.com/en-cy/store/collections/windows)

------
akerro
This took much longer than many people expected.

Next year new data-protection EU-law will be introduced, it will hit companies
like Facebook, Google and MS, it will also affect your company, so take a read
what's changing
[http://www.telegraph.co.uk/connect/small-business/business-n...](http://www.telegraph.co.uk/connect/small-business/business-networks/bt/data-protection-laws-changing/)

~~~
KozmoNau7
I work at an ISP.

GDPR is _huge_ and #1 on just about every priority list. Accounting for every
single piece of (even theoretically) personally identifiable information,
access restrictions to said data, storage time limits, logging of access and
changes (without logging anything sensitive) and everything else is a gigantic
undertaking.

Every single system we have that stores or even just caches data is affected
by this, and it's tying up a large amount of our resources.

As a consumer I certainly welcome the GDPR, but as someone who works in IT,
holy shit our workloads have increased.

~~~
tjoff
This is when it pays off to just minimize the use of identifiable information.

Finally there might be a drawback to collecting just because it seems to be
valuable and might be exploitable tomorrow. The vast majority of companies
never even recover the development cost of collecting the data, no wonder
they don't have the energy left to secure it.

~~~
dom0
Folks who designed their applications with data reduction and data economy in
mind have a much easier time with all of this.

------
Beltiras
I am so looking forward to how Microsoft will handle the GDPR. 4% of MSFT
turnover is roughly 3.5 billion dollars. That is the sort of fine the GDPR
allows for serious privacy violations (which this is).

------
dep_b
I like what they're doing because Microsoft is just too vague about what
they're really doing with all this information. At least they should be forced
to be way more clear about what they're doing. But it's a bit hypocritical one
side of the government is complaining about involuntary collection of personal
data while the other end wants to legalize it for itself:

[https://geensleep.net](https://geensleep.net)

------
throw2016
The premise that you can make predictions based on historical data and force
it down people's throat is deeply flawed and only perpetuates those obsessed
with data hoarding and analysis and are vested in seeing more value than it
provides and patterns where none exist.

There is no reason for Google or Microsoft to track any individual's location,
buying preferences or interests. They are fickle and change, forget days, hour
to hour. They perpetuate echo chambers and promote narrow segmented views
rather than universal information.

So historical data is useless. And the very idea of tracking location and
being blase about it seeking to 'normalize' it is deeply invasive, odious and
authoritarian. It's not normal to stalk people. These companies have become
monsters with no ethical constraints in search of more ad revenue and there is
going to be a massive backlash soon.

------
zvrba
So, as I read the article, the main objection is that the users aren't
informed clearly enough about data collection. MS can remedy this in two ways:
1) by being more clear about data collected and asking for consent, 2) by
turning off data collection.

I guess they'll go for 1). Not that I mind, I almost always say "yes" when
asked to participate in improvement programs.

