Slashdot Mirror


Dutch Privacy Regulator Says Windows 10 Breaks the Law (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: The lack of clear information about what Microsoft does with the data that Windows 10 collects prevents consumers from giving their informed consent, says the Dutch Data Protection Authority (DPA). As such, the regulator says that the operating system is breaking the law. To comply with the law, the DPA says that Microsoft needs to get valid user consent: this means the company must be clearer about what data is collected and how that data is processed. The regulator also complains that the Windows 10 Creators Update doesn't always respect previously chosen settings about data collection. In the Creators Update, Microsoft introduced new, clearer wording about the data collection -- though this language still wasn't explicit about what was collected and why -- and it forced everyone to re-assert their privacy choices through a new settings page. In some situations, though, that page defaulted to the standard Windows options rather than defaulting to the settings previously chosen. In the Creators Update, Microsoft also explicitly enumerated all the data collected in Windows 10's "Basic" telemetry setting. However, the company has not done so for the "Full" option, and the Full option remains the default. The DPA's complaint doesn't call for Microsoft to offer a complete opt out of the telemetry and data collection, instead focusing on ensuring that Windows 10 users know what the operating system and Microsoft are doing with their data. The regulator says that Microsoft wants to "end all violations," but if the software company fails to do so, it faces sanctions.

63 comments

  1. gotta do it. it's Friday by turkeydance · · Score: 1

    “There's only two things I hate in this world. People who are intolerant of other people's cultures and the Dutch.”

    1. Re:gotta do it. it's Friday by Anonymous Coward · · Score: 0

      Perfect example of a missing Oxford comma.

  2. Easy answer by WolfgangVL · · Score: 5, Insightful

    We are taking ALL OF THE DATA. Like in the deal.... the deal you agreed to by breathing and blinking twice while your eyes glazed over at the EULA.

    In the spirit of full disclosure, we feel we should also make you aware that we'll be rebooting your computer whenever it's good for us, and you can trust that we will reset any user changed settings back to whatever we feel is best at that time when we do so.

    While we're at it, we are going to go ahead and remove a few features here and there, so that we can sell them back to you when you finally realize that you do indeed need them after all. But don't worry though, we will go ahead and leave the shell services and support files there so they can slowly but surely bog your system down to the point that you can only reset the system back to default and start the whole system over again.

    P.S. Thanks for all of that bandwidth we just used downloading that giant update that removes more features than it adds. You're welcome.

    Signed,

        Your friends at Microsoft, the NSA, and h1b1 "employees" everywhere.

    --
    You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
    1. Re:Easy answer by Anonymous Coward · · Score: 1

      Even if M$ ever had or ever does have the option to opt out of all data collection, how could anyone possibly believe them? After all, this is a company that if left in a room with the truth would cause a matter/antimatter explosion of epic proportions!! M$ has lied so much and used so many deceptive practices that trusting them is totally impossible!!!!

    2. Re:Easy answer by Trax3001BBS · · Score: 2

      We are taking ALL OF THE DATA. Like in the deal.... the deal you agreed to by breathing and blinking twice while your eyes glazed over at the EULA.

      I've read the EULA from the first release of Win10. The way it read anybody you connected to (network) are free game for data mining (access anything connected to your computer). I'm now using Linux Mint with a dual boot of Win10 I am reluctant to use. If the EULA has changed it doesn't matter, it's the first one I'm going by.

    3. Re:Easy answer by Anonymous Coward · · Score: 0

      EULAs do not override the law and their legal bindingness is disputable at best.

    4. Re:Easy answer by mwvdlee · · Score: 1

      Dutch law isn't quite so... "corporate friendly" with regards to EULAs as the US.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    5. Re:Easy answer by Stephen+Battleware · · Score: 1

      No they don't. But what is the fuss anyway? Even in the Home version, you can turn most of the data collection off quite easily. Telemetry can be turned off by disabling just one service in Services (two if you are paranoid), Cortana can be turned off with one simple regedit. The rest can pretty much all be turned off via the Privacy panel in Settings.

    6. Re:Easy answer by Stephen+Battleware · · Score: 1

      Microsoft already does provide the option. You can turn off most of the telemetry by disabling just one service in Services. Cortana can be turned off with a single simple regedit. The rest can pretty much be dealt with using the tool Microsoft already provides with the operating system e.g. the Privacy panel in Settings.

      And if you install the OS yourself, the installation routine enables you to turn off most of that stuff even before your first logon.

    7. Re: Easy answer by Anonymous Coward · · Score: 0

      I've done all of that. Taken every measure, and somehow every new update reverts everything back to telemetry full tilt.

    8. Re: Easy answer by Anonymous Coward · · Score: 0

      Like I said before. That's all fine, until a new update reverts everything back to "collect it all, fuck em" mode.

    9. Re: Easy answer by Stephen+Battleware · · Score: 1

      That doesn't happen here after minor updates. The big ones e.g. Creators Update and the upcoming Fall Creators Update might install with a default configuration, but they are really new versions of the operating system.

    10. Re:Easy answer by Anonymous Coward · · Score: 0

      We are taking ALL OF THE DATA. Like in the deal.... the deal you agreed to by breathing and blinking twice while your eyes glazed over at the EULA.

      No, the law here in NL (and in other EU countries) requires explicit and specific consent from the user. Think of a separate checkbox, not checked by default, for agreeing with a clear statement of what data is collected for what purpose. There are exceptions to that rule, such as data that is obviously needed to be able to provide a service (without storing your address a web shop can't deliver to your home), and there are legal requirements (a bank is required to check your id and store a copy of the document checked). Outside of those exceptions it simply isn't allowed to obtain permission through a EULA. It doesn't matter if a user agreed to the EULA, illegal clauses are not considered to be part of the contract.

      That's how it works in the EU, and companies operating in the EU have to play by those rules. The basic idea is quite simple: if you hold data about someone that doesn't make the data yours, you're just a caretaker. It belongs to the person it is about and it's not up to you but up to that person what you may and may not do with it. Somehow that seems to be extremely difficult for American businesspeople to understand.

    11. Re: Easy answer by Stephen+Battleware · · Score: 1

      You must be on the list then.

  3. Microsoft Say Dutch Regulator Breaks The Law... by tlambert · · Score: 0

    Microsoft Say Dutch Regulator Breaks The Law by violating copyright by engaging in deep reverse engineering in violation of the license agreement.

    Two can fling that mud, buddy... 8p

    1. Re:Microsoft Say Dutch Regulator Breaks The Law... by Anonymous Coward · · Score: 0

      Microsoft Is the law.
      However, it is a moot point since the Dutch will all be gone when the temperature goes up another degree, but Microsoft will live forever.

    2. Re:Microsoft Say Dutch Regulator Breaks The Law... by Anonymous Coward · · Score: 0

      That makes as much sense (zero) as a Trump Tweet.

    3. Re:Microsoft Say Dutch Regulator Breaks The Law... by Anonymous Coward · · Score: 0

      Reverse engineering is generally legal in the EU, the limitations are mostly on what you can do with what you find. License agreements can't supersede law here.

    4. Re:Microsoft Say Dutch Regulator Breaks The Law... by slashrio · · Score: 1

      Only half of the Dutch will vanish.
      And not even that. Some will be clever enough to emigrate to higher positions.

      --
      "Trump!!", the new Godwin.
    5. Re:Microsoft Say Dutch Regulator Breaks The Law... by sabri · · Score: 1

      Reverse engineering is generally legal in the EU. License agreements can't supersede law here.

      License agreements are unable to supersede law anywhere.

      --
      I'm not a complete idiot... Some parts are missing.
    6. Re:Microsoft Say Dutch Regulator Breaks The Law... by tlambert · · Score: 0

      Correct.

      They are able to reverse engineer for interoperability.

      Not to publish internal implementation details to further a political agenda.

      Would I prefer Microsoft not collect this crap? Yes.

      Would I prefer that the Dutch government not reverse engineer the update process sufficiently that they could put government spyware on the thing in place of a normal update? Also yes.

  4. then fine them! by Anonymous Coward · · Score: 0

    Do it! Fining them is the only way to get them to fix them! Fine them per instance per day!

    1. Re:then fine them! by Anonymous Coward · · Score: 0

      The DPA's complaint doesn't call for Microsoft to offer a complete opt out of the telemetry and data collection, instead focusing on ensuring that Windows 10 users know what the operating system and Microsoft are doing with their data.

      Full disclosure is meaningless if there is no option to completely opt-out of telemetry and data collection.

      There is no usable alternative to Windows, otherwise Microsoft wouldn't have 90+% market share on the desktop. Simply telling people what you are doing means nothing if they have no choice but to accept it, whether they like it or not.

    2. Re:then fine them! by Kjella · · Score: 3, Insightful

      Full disclosure is meaningless if there is no option to completely opt-out of telemetry and data collection. There is no usable alternative to Windows, otherwise Microsoft wouldn't have 90+% market share on the desktop. Simply telling people what you are doing means nothing if they have no choice but to accept it, whether they like it or not.

      While I agree it's half a solution, it wouldn't do much good if an alternative is available but nobody knows why they'd want it or need it. There's a reason the first amendment is the first, and why the four boxes of liberty are soap, ballot, jury and ammo in that order. The most important part of any change is to raise awareness as to why the change is needed. Clearly that too has some limitations (see: Snowden) but at least it brought the discussion out of the tin foil hat crowd and into the general public. And while the alternatives might be poor you can't really make a decision until you know the stakes.

      --
      Live today, because you never know what tomorrow brings
    3. Re:then fine them! by slashrio · · Score: 1

      I'm sure if the Dutch would actually do that, soon another plane with Dutch passengers would drop down out of the sky.

      --
      "Trump!!", the new Godwin.
    4. Re:then fine them! by Stephen+Battleware · · Score: 1

      Telemetry can be turned off by disabling one service in Services (or two if you are really paranoid). Cortana can be turned off with one simple regedit. Else-wise, Microsoft has provided a Privacy panel in Settings with which you can pretty much turn everything else off.

    5. Re:then fine them! by nukenerd · · Score: 1

      Full disclosure is meaningless if there is no option to completely opt-out of telemetry and data collection.

      There is no usable alternative to Windows in most people's minds, otherwise Microsoft wouldn't have 90+% market share on the desktop.

      FTFY, and the reasons for that market share are far more complex.

      But it is true that nothing will come of this. MS will simply add a tick box for people to agree to surrender their data, and people will tick it.

    6. Re:then fine them! by nukenerd · · Score: 1

      The most important part of any change is to raise awareness as to why the change is needed. .... at least it brought the discussion out of the tin foil hat crowd and into the general public.

      Most people don't give a shit, or will consider their convenience the overriding factor. Their bitching along with Snowden is easy because it does not affect their own convenience. However, refusing to use Windows on principle would affect people's convenience, so they won't do it.

    7. Re: then fine them! by Anonymous Coward · · Score: 0

      Bro you keep parroting this exact line over and over. One caveat though, it doesn't fucking work.

      1) even with it all turned off Microsoft still collects data. And...
      2) each update keeps reverting my settings back to "collect it all, fuck em" mode.

  5. What about FANG by Anonymous Coward · · Score: 0

    Yes I think MS may collect too much data and should make the minimal level enterprise option available to all, but Google, Facebook, Amazon and even Netflix? They collect as much data as they can and use it to optimize their products and target ads*** but no regulators care about Alexa spying on every conversation, they care about Windows sending the web url and crash dump to Redmond when Edge shits the bed. Seems odd.

    *** Netflix doesn't do first party advertising (yet) but they have enough preference data to target the shit out of gazillions of people.

    1. Re:What about FANG by Anonymous Coward · · Score: 0

      There are levels of collecting data. Windows 10 sends all your key presses, all applications you start, in short - Everything you do on your system. That is way beyond what Google is doing.

      You can argue that Android is also collecting data, but keep in mind that Android is a free operating system, that is paid by that collected data. Microsoft Windows is ALREADY PAID FOR, so there is no need to collect data on top of that.

      And lastly - Nobody in his right mind would use Android in a secure environment, because everybody knows about that data collection. However - Windows IS used in environments where data collection is a no-no. Personally I can no longer advise Windows 10 to those customers, but strongly advise to use a less intrusive and spy-ridden system like Linux.

    2. Re:What about FANG by Stephen+Battleware · · Score: 2

      You can turn all that off in Windows 10 rather simply. Telemetry can basically be turned off by turning off just one service in Services, a couple more like maps if you are paranoid. Cortana can be turned off with one simple regedit. Most of the rest can easily be dealt with tools Microsoft provides i.e. Privacy in Settings.

      As for driver updates, while Pro has deferring built in, Microsoft still provides software on its website you can download to block and defer driver updates in the Home version.

      So sure, the default settings are a bit intrusive and there's automatic updating, but Facebook Grannie wants her Candy Crush to just work, and moreover, wouldn't update her system against becoming a bot if she was paid to. The rest of us can pretty much set up Windows how we want it, it's pretty easy really.

  6. It's also on my shitlist by Anonymous Coward · · Score: 0

    Guess which one of those two makes a difference.

  7. Shocking only if one accepts MSM bias by jbn-o · · Score: 5, Interesting

    This story only comes off as the Dutch looking out for Dutch Windows 10 users' interests if one accepts a mainstream media bias against critically examining the unethical power of proprietary software.

    "The lack of clear information about what Microsoft does with the data that Windows 10 collects prevents consumers from giving their informed consent" is true as far as it goes but hardly affects just Windows 10. This whole story hinges on that Microsoft got caught ignoring users' privacy preferences and releasing more information than the user said they wanted released. All proprietary software inherently fails to give such clear information and every time that software is altered the information collected or disseminated can change, making informed consent harder.

    Software freedom is needed to truly address the underlying concerns rightly raised by the Dutch government. Only with free software can users have any real chance to understand what published software does, verify programmer/distributor's claims about the software, ensure that the software complies by modifying the software, and help one's community by distributing the improved software.

    So looking out for the users' interests makes sense to do at a government level (apparently the so-called "free market" approach results in situations like what we face now) but structurally this simply cannot be done in an effective and thoroughgoing way with non-free (user-subjugating) software. Proprietors know this and this is partly why they release their software without respecting their users' software freedom.

  8. What reverse engineering? by Anonymous Coward · · Score: 0

    Who said the Dutch Regulator reverse engineered anything? Where does it mention the regulator complaining about anything except lack of information available to the user? Nowhere! Because you fucking MADE IT UP!

    We now know what idiot posts without reading the summary: it's you, tlambert.
    The open question is: what idiots voted your nonsense up without reading the summary?

    1. Re:What reverse engineering? by tlambert · · Score: 1

      Actually, it's the AC's.

      That would be you, AC.

  9. MS already admitted willingness to break EU law by mutantSushi · · Score: 3, Insightful

    MS has already admitted their willingness to do this, that if US law and EU law are in conflict they will follow US law. Now if they wanted to, they could structure their business so there is no ability for US to influence things. If they wanted to they could structure their business so it no longer is primarily based out of the US at all. MS and similar companies use all sorts of shenanigans to evade national tax liability, but MS isn't willing to take equivalent steps to evade US jurisdiction over-reach. US tech is undeniably in the pocket of the US state and intelligence apparatus, they have billion dollar deals flowing from that and are comfortable cooperating within US intelligence control regime. That's what they're loyal to, pure and simple.

    1. Re:MS already admitted willingness to break EU law by tsa · · Score: 1

      Which is a bit strange, because the EU is a much bigger market than the US. On the other hand, MS learned from their 'punishment' in the monopoly case that they can get away with anything in the US.

      --

      -- Cheers!

    2. Re:MS already admitted willingness to break EU law by slashrio · · Score: 1

      'Learns'? It's going as in every other banana republic: he who pays decides the tune.

      --
      "Trump!!", the new Godwin.
  10. Give the Dutch some slack by Anonymous Coward · · Score: 0

    Their diplomats are going deaf in Cuba, also.
    From the BBC:

    The Dutch have acquired new recordings of a militarized sonic warfare device targeting their embassy in Cuba. Many of their diplomats are being recalled with serious hearing loss.

    1. Re:Give the Dutch some slack by Anonymous Coward · · Score: 0

      We have yet to discover the cause, but the press has already labeled it a "militarized sonic warfare device". Fucking sheep, the whole lot of you.

  11. Look at the bright side by Anonymous Coward · · Score: 0

    In a way, I'm glad that MS dropped any pretense of allowing users to control their own computers or choose whether to be spied on. Being so blatant and shameless about it added the required motivation and made it much easier for me to forever eliminate Windows from my home and business. At least now the cards are on the table and you know exactly where you stand if you choose to use W10.

    Most people probably won't care, but oh well.

    1. Re:Look at the bright side by Stephen+Battleware · · Score: 1

      I think you overlook how much you can turn off rather simply, if you'd just bother. Windows 10 can be made reasonably private for an OS that connects to the Internet.

    2. Re: Look at the bright side by Anonymous Coward · · Score: 0

      Dude seriously fuck off man, stop trying to spread FUD. You are starting to sound like you work for M$ in the customer complaint department. You know it's FUD but still keep spouting it. Yes you can turn off SOME telemetry. You can't turn it all off. And once you update the system goes back to sucking up all your info.

  12. Firewall Windows 10 by mea2214 · · Score: 1

    Blacklist microsoft.com, windowsupdate.com, live.com, and all subdomains of those three and your Windows 10 box won't send any telemetry back to Redmond or download any updates ever.

    1. Re:Firewall Windows 10 by Anonymous Coward · · Score: 0

      I hate to break it to you bud, but that won't cut it. Windows 10 does not do domain lookups for Microsoft services. The IP addresses are hard-coded.

    2. Re:Firewall Windows 10 by spire3661 · · Score: 1

      The only solution is to deny the machine internet. That's where we are, if you plug into the internet, you have no control over your device anymore. The only escape is exile (which is the intended outcome)

      --
      Good-bye
    3. Re:Firewall Windows 10 by Anonymous Coward · · Score: 0

      I think the built-in firewall has never been able to block Microsoft domains.

    4. Re:Firewall Windows 10 by Stephen+Battleware · · Score: 1

      No matter what operating system you use - even MS-DOS - it will share information if you connect to the Internet. The very act of connecting requires the sharing of at least some information - protocol handshakes, MAC and IP addresses etc. and so on.

      Windows 10 Home is a self-updating OS - and probably should be as even Facebook Granny uses it - and of course it will supply enough information to patch the system and update drivers.

      Even with the Home version though, enthusiasts, power users and techies can take personal control of the system to quite a high degree e.g. you can turn off the telemetry by switching it off in Services, turn off Cortana with one simple regedit, and even use software Microsoft provides on its website to block and defer driver updates etc. etc., and you can turn most everything else OFF via Privacy in Settings.

      And if that isn't enough for you, there's Pro which enables deferring etc. out-of-the-box, has 'group policy' software for configuring things and so on ..

  13. proposed sanctions by Anonymous Coward · · Score: 0

    I propose a forced update to all Windows 10 installations in the Netherlands, that shows a clear warning message to the user, every 10 seconds. at 10 open messages, the computer will shut down for the rest of the day.

    Or something more reasonable like not renewing any Microsoft licence for all Dutch government or government subsidized organizations.

  14. Should be opt-in only by MoarSauce123 · · Score: 2

    It needs to be up to the user to send any data to Microsoft. If the user decides not to send anything then Win 10 ought to not send a bit. Simple as that. In order to get the data, Microsoft should offer an incentive.

    1. Re:Should be opt-in only by Stephen+Battleware · · Score: 1

      You can't connect to the Internet without sharing information. The protocols require handshakes etc. etc. The very act of connecting is tacit consent for sharing at least some information. So if you do not connect it to the Internet, like every other operating system, Windows 10 shares nothing. If you do connect, like every other operating system (e.g. MS-DOS, macOS, Windows XP) data etc. will be shared. Now, it is a matter of how much.

      Everybody knows that Windows 10 Home is a self-updating OS. This requires the OS to share with the updating server which files it needs and what hardware is on-board (so drivers can be updated). The list looks longer and more intimidating than what is actually shared because the whole she-bang has to be checked. Most, I would venture, would be reported back NULL.

      As for the rest, use Privacy in Settings - easy to get to - and turn everything OFF. One or two Services turned off and one regedit later, and Windows 10 is relatively private.

      If you are a professional, a power or enthusiast user, don't run Home, run Pro which enables you to control the updating process quite a bit more.

      And before you blow a gasket, think about what Windows 10 Home is - a consumer OS which Microsoft knows will even be used by people even like Facebook Granny, ol' cousin Gerry and so on. Microsoft does play the nanny a little bit with the default Home version, and that's probably a good thing. You though, can easily change the default settings and pretty much set it up how you want it, or even get Pro and set that how you want it.

  15. Considerations aside by Stephen+Battleware · · Score: 1

    Windows 10 can be made private. If one buys Windows 10 pre-installed, the privacy settings will be as the computer's manufacturer decided they will be. That's not up to Microsoft.

    If you installed Windows 10 properly - i.e. you install it yourself - the installation routine enables you to turn just about everything off as you install it, and the rest can be managed via Privacy in Settings. Elsewise, turning off just one Service, make just one regedit and Windows 10 is as private as a self-updating Home/Consumer OS can be, Google tracking, ECHELON, your gov't, and your neighbour's driveway spy-cam aside. Really, this Dutch bunch are making a mountain out of a molehill - are they looking for a cash grab perhaps?

    1. Re:Considerations aside by drinkypoo · · Score: 1

      No, only the corporate version permits actually disabling everything via settings and policy. Additional hackery is necessary otherwise. On what level is that acceptable?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Considerations aside by Stephen+Battleware · · Score: 1

      That's right - the Home version - which even Facebook Grannie and ol' George Rubby use - auto-updates no question. They'd become bots otherwise. Regardless, the techie or enthusiast can configure Windows much more to liking. And if that isn't enough, there are versions of Windows which, as you say, enable the thing to be locked down or enable more granular control. But for the home and consumer use of the system, it is better that it isn't completely locked down from Microsoft.

      But even in the Home version, most telemetry can be shut off by turning off a single service in Services, Cortana can be turned off with one simple regedit. The rest can pretty much be dealt with using the Privacy panel in Settings.

      So IMHO, there isn't much of an issue, even with the Home version. If you did have something super-secret - well - you need to take "Additional" steps anyway. Otherwise, the thing is relatively configurable and can be made reasonably private for an operating system that connects to the Internet.

    3. Re: Considerations aside by Anonymous Coward · · Score: 0

      You are 100% a shill that works for Microsoft. I am convinced.

      No one eats dog shit then says "this dog shit is good, everyone should enjoy it as much as I do, even though I get paid to eat dog shit"

    4. Re: Considerations aside by Stephen+Battleware · · Score: 1

      You seriously need to learn how to read between the lines.

      "The answer is out there, Neo, and it's looking for you, and it will find you if you want it to."

  16. Spying and Advertising ID also by Anonymous Coward · · Score: 0

    Windows 10 collects an amazing amount of scary data, even down to the color of your case if it's in the BIOS. Office, SQL, Server, Skype all spy on you in scary ways.

    There should be a third party to verify that this stuff is turned off.

    Just having the capability in the O/S (Along with a shitty user interface and an evil advertising-ID) is immensely disturbing.

    Microsoft has become user-hostile and evil.