The Dutch Data Protection Agency (DPA) has raised new privacy concerns against Microsoft regarding its Windows 10 operating system.
In a follow-up to a 2017 investigation over privacy concerns regarding Microsoft’s collection of telemetry data, the DPA announced Tuesday that while the tech giant has made improvements in some areas of user privacy, the DPA also discovered new, potentially unlawful instances of personal data processing with regard to Windows Home and Windows Pro.
“Microsoft has complied with the agreements made,” the DPA said in reference to privacy improvements announced by Microsoft in April 2018. “However, the check also brought to light that Microsoft is remotely collecting other data from users. As a result, Microsoft is still potentially in breach of privacy rules.”
“The Dutch DPA advises users to pay close attention to privacy settings when installing and using Windows software,” the statement continues. “Microsoft is permitted to process personal data if consent has been given in the correct way.”
The DPA has referred the investigation to its Irish counterpart, as Ireland is home to Microsoft’s regional headquarters. The Irish Data Protection Committee has confirmed receipt of the information.
Under the EU’s General Data Protection Regulation (GDPR), Microsoft could be subject to a fine of up to 4 percent of its annual global turnover, meaning billions could potentially be on the line.
“We will work with the Irish Data Protection Commission to learn about any further questions or concerns it may have, and to address any further questions and concerns as quickly as possible,” a Microsoft spokesperson told TechCrunch.
Microsoft becomes the latest Big Tech company to enter the crosshairs of Ireland’s data regulators, joining Facebook and Google, among others. Ireland has yet to issue a fine under the GDPR.