Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Microsoft Clarifies User Data Collection in Windows 10

Microsoft on Monday published new details on the user data collection in Windows 10, in an attempt to put controversy on the matter to rest.

Microsoft on Monday published new details on the user data collection in Windows 10, in an attempt to put controversy on the matter to rest.

Previously, the software giant confirmed that Windows 10 collects user data which is sent to Microsoft, under the claim that it was used for an improved overall user experience. However, this raised concerns regarding user privacy and the manner in which the collected data would be used, especially since both consumers and enterprise users are affected.

These concerns deepened when news broke in the beginning of September that Windows 7 and Windows 8.1 also started collecting user data following a series of Diagnostics and Telemetry tracking service updates released this spring. Microsoft said at the time that the update was pushed to systems in the Customer Experience Improvement Program (CEIP), and that users could opt out of it at any time.

As Rob Sadowski, Director of Technology Solutions at RSA, told SecurityWeek in early September, that it is important for users understand what data is being collected and for what purpose. Moreover, developers need to understand the security implications of data they collect, as they are responsible for keeping user information protected against unauthorized disclosure, he said.

In a Monday blog post, Microsoft suggests that it is aware of all these implications and explains that Windows 10 collects information so that it would work better. Moreover, the company notes that users are in control of the collected information and how it is used, and that all data is encrypted when transmitted and is stored in secure facilities.

The blog post reiterates what the tech giant previously stated about the collected data—that it includes only a limited amount of information necessary for delivering a secure and reliable Windows experience. This means that, if a driver or applications crashes on multiple PCs, the collected user data can be used to deliver an update that fixes the problem as soon as possible.

“This includes data like an anonymous device ID, device type, and application crash data which Microsoft and our developer partners use to continuously improve application reliability. This doesn’t include any of your content or files, and we take several steps to avoid collecting any information that directly identifies you, such as your name, email address or account ID,” the company says.

Advertisement. Scroll to continue reading.

The software company also explains that enterprise customers will receive enterprise feature updates later this year to provide them with the option to disable the data collection process. As expected, Microsoft recommends against this, but businesses might be more concerned about their privacy than user experience in Windows 10.

To deliver a personalized experience, Windows 10 also collects personal information on users, including typing habits, sports team preferences, and the like. Cortana, on the other hand, might require some more personalized information to offer a full experience, yet the tech company notes that users can always change their privacy settings to control the collected data.

“Unlike some other platforms, no matter what privacy options you choose, neither Windows 10 nor any other Microsoft software scans the content of your email or other communications, or your files, in order to deliver targeted advertising to you,” Microsoft explains, adding that user feedback on these privacy concerns is welcomed.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.


Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.