Concerns do not stop appearing for Microsoft Windows 10 system users. Although most users of this system don’t care too much about the security of their information, ethical hacking experts claim that multiple malicious actors spend a lot of time waiting for the right time to exploit vulnerabilities or take advantage of bad security practices from users and companies.
The good news is that, just like malicious
users, there are various companies, government agencies and non-profit
organizations concerned that companies will comply with best information
security practices. The Dutch Data Protection Agency (DPA), for example, has
proposed and tested some changes in Windows 10 that would consolidate the
security of this operating system; the bad news is that this happened after an
investigation into breaches of data protection law in the Netherlands was
“Although Microsoft has complied with multiple data privacy requests, our research has revealed that the company keeps collecting a large amount of Windows 10 users’ telemetry data, so a new research about Microsoft data collection policies is on its way”, says a DPA statement.
According to the experts in ethical hacking,
because the company’s European headquarters are in Ireland, it is up to the
Irish Data Protection Committee to investigate the new allegations against the
company. However, if any non-compliance is found, Microsoft will be penalized
in accordance with the provisions of the European Union’s General Data Protection Regulation (GDPR).
This is a high-relevance data, as GDPR imposes
fines of up to 4% of a company’s annual profits. In this case, Microsoft could
be fined up to €3.2 billion if authorities determine
that the company incurred in users’ privacy violations.
The allegations that the company is facing this
time are related to the collection of telemetry data from Windows 10 users; in
fact, users are showed these requests during the operating system installation
process. According to ethical hacking experts, authorities seek to determine
whether the company explains this data collection process to users in a
sufficiently clear way, as well as whether Microsoft is collecting more
information than it is admitting.
On the other hand, the company claims that it
has taken seriously all the recommendations issued by the Dutch data protection
authorities, especially those related to products such as Windows 10 Home and
Pro. “We will work with the Irish Data Protection Commission to
investigate, as well as to resolve any questions that arise during this
process,” says a statement from the company.
Experts in ethical hacking from the
International Institute of Cyber Security (IICS) advice Windows 10 users
concerned about the permissions they have granted the company to consult the
recently released Microsoft privacy statement on their website, in addition to
tracking any updates on the incident published by the company.