Windows is currently running on 78% of all computers that have Internet access. Microsoft also offers many software solutions for companies. But what data is transferred to the American software giant and to what extent? And can the system even be used in a manner that complies with data protection laws in view of such data transfers to the USA?
You can find out everything you need to know here.
The importance of telemetry data
Telemetry is the collective term for raw data collected by software. Because most computers are connected to the Internet, the software usually transmits this data in the background to the software manufacturer's servers.
The collected data may include information about operating system activities and thus the system status of a computer system. The purpose of this data is to optimize the software product or detect errors. The problem that is often discussed, especially with regard to Windows 10, is that the log data can also be personal data (user account, IP address, location, internet activity, user preferences, etc.). This personal data is then transmitted to servers in the USA, but these servers do not (yet) provide the same level of protection as those within the EU.
From a data protection perspective, this immediately raises the question: Can Windows be used in the company in compliance with data protection regulations?
Revoke consents
Systems such as Windows like to package the collection of telemetry data under fine-sounding phrases such as "improving the customer experience". The user's consent is obtained for such procedures. You can revoke this consent at any time in the system settings.
In addition, you should also take a critical look at the respective privacy policy. Here you should pay particular attention to the extent to which data about interaction with the product and data about the devices used are generally collected. Furthermore, you should also pay attention to the purposes of the processing and the processing entities.
Data collections from the software manufacturer must be checked for compliance with the GDPR.
Telemetry monitoring
In order to check the telemetry component of Windows 10, the German Federal Office for Information Security (BSI) is making a technical solution available. "The developed 'System Activity Monitor' (SAM) enables detailed recordings of the system and application behavior of Windows telemetry for research purposes. The publication is part of a comprehensive security analysis in which the BSI is investigating security-critical functions of the operating system. The aim is to be able to assess the security and residual risks for the use of Windows 10, to identify framework conditions for the secure use of the operating system and to create practical recommendations for hardening and the secure use of Windows 10," according to the BSI.
The evaluation of this system must then be examined in terms of data protection law.
Can telemetry be switched off?
In 2018, a BSI security analysis still came to the conclusion that switching off the transmission of telemetry data was technically possible, but hardly feasible for the ordinary user. In addition, individual Windows applications can also collect and send data without the central telemetry service.
The Activity Report of the Bavarian State Office for Data Protection from 2019 (under Section 3.4), however, came to the conclusion that the collection of telemetry data can at least be completely disabled under Windows 10 Enterprise.
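The following PowerShell audit check is an added example, not part of the original article or of any BSI tool. It reports which diagnostic-data level is configured by policy, whether the installed edition honors the lowest level, and the state of the central telemetry service. Assumptions: the level is set through Microsoft's Group Policy value AllowTelemetry, the service is named DiagTrack, and the function name Get-TelemetryPosture is hypothetical.

```powershell
# Added audit example (not from the original article).
# Assumption: the diagnostic-data level is configured through the Group Policy
# value AllowTelemetry under the DataCollection policy key.
function Get-TelemetryPosture {
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
    $osKey     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # Installed edition, e.g. Enterprise, Education, Professional, Core
    $edition = (Get-ItemProperty -Path $osKey -Name EditionID).EditionID

    # Policy value is absent when no policy has been applied
    $policy = Get-ItemProperty -Path $policyKey -Name AllowTelemetry -ErrorAction SilentlyContinue
    $level  = $null
    if ($null -ne $policy) { $level = [int]$policy.AllowTelemetry }

    # Level 0 is only honored on Enterprise, Education and Server editions;
    # other editions treat a configured 0 as level 1.
    # The edition match below is an approximation based on EditionID prefixes.
    $honorsZero = $edition -match '^(Enterprise|Education|IoTEnterprise|Server)'
    $effective  = $level
    if ($level -eq 0 -and -not $honorsZero) { $effective = 1 }

    # Central telemetry service ("Connected User Experiences and Telemetry")
    $svc = Get-Service -Name DiagTrack -ErrorAction SilentlyContinue
    $svcStatus = 'not installed'
    $svcStart  = $null
    if ($svc) { $svcStatus = $svc.Status; $svcStart = $svc.StartType }

    [pscustomobject]@{
        Edition             = $edition
        ConfiguredLevel     = $level       # $null = not set by policy
        EffectiveLevel      = $effective
        EditionHonorsLevel0 = [bool]$honorsZero
        DiagTrackStatus     = $svcStatus
        DiagTrackStartType  = $svcStart
        LowestLevelInEffect = ($effective -eq 0)
    }
}

# This only inspects configuration. Individual applications can still send
# data without the central telemetry service, so it does not prove that no
# data leaves the machine.
Get-TelemetryPosture | Format-List
```

Run it in an elevated or standard Windows PowerShell session on the machine being audited; confirming actual network behavior still requires traffic monitoring or a tool such as the SAM mentioned above.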
Do you need support with data protection in the company? Our team of experts is on hand with help and advice!