Dutch privacy watchdog Autoriteit Persoonsgegevens is accusing Microsoft of breaching data protection law with Windows 10, claiming that it collects data from users’ computers without clearly informing them about the information that’s being sent to its servers and for which purpose.

The conclusions of the Dutch Data Protection Authority (DPA) point out that Microsoft “continuously” collects information about the usage of apps and web surfing behavior when the default settings are used, adding that the software giant is playing it dirty by enabling the full telemetry setting by default when installing Windows 10.

Furthermore, the group claims that not only that Microsoft asks users to accept the offered settings, but the Windows 10 installer also comes with options to use the telemetry data and show personalized ads and recommendations in Windows and Edge enabled by default.

“If a person does not actively change the default settings during installation, it does not mean he or she thereby gives consent for the use of his or her personal data,” the privacy watchdog says.

The Dutch DPA also accuses Microsoft of ignoring users’ privacy settings when upgrading to the Creators Update, as computers that were previously set to basic telemetry were automatically switched to full telemetry level if no user changes were made.

They could spy on users

Dutch officials claim that the amount of data that Microsoft collects from users’ computers allows the firm to always keep an eye on what Windows 10 customers do on their computers.

“It turns out that Microsoft’s operating system follows about every step you take on your computer. That results in an intrusive profile of yourself,” Wilbert Tomesen, vice-chairman of the Dutch DPA, said. “What does that mean? Do people know about this, do they want this? Microsoft needs to give users a fair opportunity to decide about this themselves.”

Microsoft has already implemented a series of changes in the Creators Update in order to comply with the requirements of other privacy organizations across the world, including an improved installer with more options and information to explain the data collection process.

The company hasn’t yet offered a statement following these new claims, but the Dutch organization says “Microsoft has indicated that it wants to end all violations.” Otherwise, they could very well be fined, the group warns.

UPDATE - Microsoft response: Microsoft has just published a public response to the DPA claims, explaining that while it's open to talks and it's willing to collaborate with the privacy watchdog, there are some points in today's statement that aren't exactly accurate.

The firm has thus provided us with a fact sheet that basically dissects DPA's press release to explain that Windows 10 doesn't violate user privacy and in fact provides adopters with several tools and a significant number of options to configure the data collection process on their systems.