News

Windows 10 Creators Update Privacy Changes

• By Kurt Mackie
• 04/05/2017

Microsoft released some information on what is changing on the privacy front once Windows 10's next major update is released.

The journey apparently started because of comments Microsoft received about those privacy controls in Windows 10. Microsoft specifically pointed to feedback from "the European Union's Article 29 Working Group and national data protection authorities" in its announcement by Terry Myerson, executive vice president of the Windows and Devices Group and Marisa Rogers, privacy officer of the Windows and Devices Group.

Last year, France's data protection commission gave Microsoft three months to address alleged noncompliance with France's privacy laws by the Home and Pro editions of Windows 10. The complaints concerned the handling of data transfers, advertising IDs, cookies, PIN security and telemetry reporting. The Electronic Frontier Foundation had also accused Microsoft of disregarding user privacy with Windows 10.

New Privacy Choice Screens
Possibly, Microsoft addressed those past complaints. However, today's announcement focused on the newly revised privacy control screens that will appear with the Windows 10 creators update, which will start to arrive on April 11. Microsoft showed the screen views that consumers will see, as well as the ones seen by IT pros when performing a "clean install" of the operating system. The two types of screens are similar except for color. Some controls can't be turned off, such as the "Diagnostics" setting, which allows a choice between either "Basic" or "Full" telemetry reporting.

The new Windows 10 creators update privacy policies were previously described in January. Back then, Microsoft indicated it would eliminate the "Enhanced" telemetry reporting option with the rollout of the creators update. The Enhanced option previously was the "default" setting for the Windows 10 Enterprise and Education editions, but it'll be gone with the creators update. Consequently, Windows 10 users who used the Enhanced option will have to specify their privacy choices again when the creators update arrives.

However, some privacy settings will be saved for users moving to the Windows 10 creators update.

"The actual values of the toggles on this [privacy settings] screen will be based on your current settings in Windows 10," Microsoft's announcement explained.

Microsoft's announcement claimed it has halved the amount of event data collected at the Basic privacy level with the creators update. Lists for both the Basic and Full privacy options, showing what gets collected, are now published.

The announcement didn't mention it, but another privacy telemetry option exists below the Basic level, called "Security." The Security privacy option is only available for some Windows 10 editions (Enterprise, Mobile Enterprise, Education and IoT Core), plus Windows Server 2016, as explained in this TechNet article. 

Microsoft also has now published a portal, called the "Microsoft Privacy Dashboard," that shows the information it has collected on an individual user. The portal has controls to view and clear browsing history, search history and location information. Users also can edit collected Cortana data and Microsoft Health data using the portal.

Yet To Come
Microsoft's announcement promised to provide more information for enterprise Windows 10 users on privacy compliance. It's also planning to talk about Windows 10's compliance with the European Union's General Data Protection Regulation, which is a set of new rules on electronic communications and personal data protections for EU member countries. The EU's General Data Protection Regulation specifies privacy regulation on metadata, cookies and spam, but it's still one year away, with adoption planned for May 25, 2018.

Of course, with most governments and corporations viewing online privacy as secondary to spying and monetization efforts, Microsoft's newfound "transparency" on privacy controls in Windows 10 might not appear to be too hopeful. The company's alleged collaboration with the U.S. National Security Agency's secret PRISM data collection program is perhaps still recalled. 

Microsoft's privacy announcement perhaps isn't hitting the right note, too, given the present milieu. For instance, this week, President Trump signed a law that rolls back Federal Communications Commission rules that had protected customers of Internet service providers from ISPs that might opt to sell their customer's data. Under the new law, the Federal Trade Commission is supposed to oversee consumer privacy, but it lacks the authority to do so.

"Because of the current legal landscape, the FTC can't police ISPs either, leaving customers without a federal agency that can clearly protect them in this space," the Electronic Frontier Foundation explained, in a blog post.

The Electronic Frontier Foundation has published privacy advice with respect to using ISP services. The tips include picking an ISP that won't abuse privacy, opting out of tracking and supercookies, using the Tor Browser and the HTTPS Everywhere browser extension, and setting up a virtual private network.