Concerns do not stop appearing for Microsoft Windows 10 system users. Although most users of this system don’t care too much about the security of their information, ethical hacking experts claim that multiple malicious actors spend a lot of time waiting for the right time to exploit vulnerabilities or take advantage of bad security practices from users and companies.
The good news is that, just like malicious users, there are various companies, government agencies and non-profit organizations concerned that companies will comply with best information security practices. The Dutch Data Protection Agency (DPA), for example, has proposed and tested some changes in Windows 10 that would consolidate the security of this operating system; the bad news is that this happened after an investigation into breaches of data protection law in the Netherlands was revealed.
“Although Microsoft has complied with multiple data privacy requests, our research has revealed that the company keeps collecting a large amount of Windows 10 users’ telemetry data, so a new research about Microsoft data collection policies is on its way”, says a DPA statement.
According to the experts in ethical hacking, because the company’s European headquarters are in Ireland, it is up to the Irish Data Protection Committee to investigate the new allegations against the company. However, if any non-compliance is found, Microsoft will be penalized in accordance with the provisions of the European Union’s General Data Protection Regulation (GDPR).
This is a high-relevance data, as GDPR imposes fines of up to 4% of a company’s annual profits. In this case, Microsoft could be fined up to €3.2 billion if authorities determine that the company incurred in users’ privacy violations.
The allegations that the company is facing this time are related to the collection of telemetry data from Windows 10 users; in fact, users are showed these requests during the operating system installation process. According to ethical hacking experts, authorities seek to determine whether the company explains this data collection process to users in a sufficiently clear way, as well as whether Microsoft is collecting more information than it is admitting.
On the other hand, the company claims that it has taken seriously all the recommendations issued by the Dutch data protection authorities, especially those related to products such as Windows 10 Home and Pro. “We will work with the Irish Data Protection Commission to investigate, as well as to resolve any questions that arise during this process,” says a statement from the company.
Experts in ethical hacking from the International Institute of Cyber Security (IICS) advice Windows 10 users concerned about the permissions they have granted the company to consult the recently released Microsoft privacy statement on their website, in addition to tracking any updates on the incident published by the company.