back to article I know what EU did last summer: Official use of Microsoft wares to be probed over slurp fears

The European Union's Data Protection Supervisor (EDPS) has announced an investigation into Microsoft products used by EU institutions. The probe will build a list of Microsoft wares in use by official bloc bodies and check that the "contractual arrangements" between the two are "fully compliant with data protection rules". …

  1. NoneSuch
    Devil

    Get Current Time For All Domain Workstations

    Not being able to turn off the data slurp on Enterprise level software should be judged as illegal by the EU. That has the makings of massive law suits when confidentiality and non-disclosure agreements are in play. At best, it's Microsoft trying to catch Google. At worse, it's kibble for the NSA.

    And while we're at it, lets get rid of the XBox, Zune, et al crapware that is shoved down our throats with no way to avoid it on Win 10 Enterprise.

    1. LDS Silver badge

      Re: Get Current Time For All Domain Workstations

      I wonder how software used by professionals - and some may enter, access, and store sensitive personal data (physicians, lawyers, religious entities, etc.) can collect and transmit data - including files and memory dumps, to any third party entity with no right to process those data, without the data owner consent, and without the user being able to block it.

      And that's true for any user - which has to manage his or her own personal sensitive data.

      Windows 10 is probably in full breach of the GDPR - the fact that data are collected "to improve the product" is wholly irrelevant - and I hope Microsoft is forced to make all telemetry opt-in for all versions of Windows - joined or not joined to a domain.

    2. Anonymous Coward
      Anonymous Coward

      Re: Get Current Time For All Domain Workstations

      Does that explain why over the last few weeks my work computer doesn't have the right time till I VPN in? Even then it takes an age.

  2. Dwarf Silver badge

    Use case

    I wonder if MS can point to a single use case where XBox or Zune is on the customers requirements for the OS

    1. Must be able to play games in company time

    2. Must be able to store a bunch of probably not legal music files and have the user plugged in to their PC / bluetooth connected. Add in a bit of bandwidth slurping with the music downloads, requests to export "their music" when they leave or when their PC gets rebuilt, additional storage requirements on the file shares.. the list can go on and on.

    Now overlay the common use of virtual desktop infrastructure where its in some remote DC and screen re-displayed across the LAN and it makes even less sense.

    But then how many years ago was it that we realised that MS weren't in touch any more

  3. Anonymous Coward
    Anonymous Coward

    Time for MS to come clean

    about all that lovely data that we let them slurp from our windows systems. Somewhere in the EULA it gives them carte-blanch to take whatever they need to take and use and probably sell to anyone who want it.

    Show us in great detail what you take and then be prepared for everyone to say NO MORE.

    So EU please throw the book at them and fine them 4% of their worlwide revenues pronto.

  4. N2 Silver badge

    Bin the lot

    Be bold and choose a provider who respects privacy, as its clearl that Microsoft does not.

  5. The Wild Tomcat

    My Workstation, My Data

    The slurp is a manifestation of a greater evil: the inevitable trudge towards DaaS. No, Microsoft, my workstation is not a node in your network!

    1. Rich 11 Silver badge

      Re: My Workstation, My Data

      the inevitable trudge towards DaaS

      Death as a Service?

  6. Anonymous Coward
    Anonymous Coward

    Not going to make a huge difference.

    I know of a couple of gov departments where MS has been introduced via the golf course. There's not a chance they will even listen to objections, GDPR or not.

    1. Dan 55 Silver badge

      Re: Not going to make a huge difference.

      I assume they will find that MS should push out an update which changes the slurp level option in Windows 10 to have a GDPR-compliant setting and automatically change the option to that setting, at least for versions of Windows 10 in the EU.

      Now, how Windows 10 determines it's really in the EU without slurping is an interesting question. MS want that data and changing the locale options is too easy for people outside the EU to do.

      1. Anonymous Coward
        Anonymous Coward

        Re: Not going to make a huge difference.

        Let's just say that, as far as I can tell, Microsoft's compliance with GDPR has a couple of interesting holes in it. They are classic US in that their modus operandi is to comply with the letter of the law, whilst skirting on the wrong side of compliance with the spirit of the law.

        Publishing this is going to be, er, "interesting".

  7. Nick Kew Silver badge

    Consistency?

    So they've probed in depth into whether Huawei phones home, and they're doing it with Microsoft. Perhaps there should be a permanent team to manage a testbench and apply it to all strategically significant vendors, especially those from countries without a GDPR-equivalent? Keep the team firmly at arms length from any political influence, so it can report independently on any specific allegations/suspicions that might arise, as well as flag up hitherto-unsuspected issues.

  8. NATTtrash
    Devil

    So, when it is NOT a stupid, average consumer...

    The move is at least partially in response to a report commissioned by the Dutch government that found that the software giant's Office Pro Plus application suite, which includes the likes of Word and Outlook, was collecting all manner of data and stashing it on US-based servers.

    Gasp! Who would have known!

    That got regulators a little hot under the collar since such activities are very much frowned upon under General Data Protection Regulation (GDPR).

    Really? Only because there is GDPR?

    Users can alter the amount of data slurped by Microsoft's productivity applications (assuming they can find the settings) but not easily turn it off completely.

    format c:

    A Microsoft spokesperson told us: "We are committed to helping our customers comply with GDPR, Regulation 2018/1725...

    Well, didn't you pass the online course "How to write standard marketing statements with common used, risk avoidant statements in 5 minutes" with flying colours! But, news flash: You don't have to help your customers to comply with GDPR. You yourself are not exempt, and have to start of by "serving your customers" with a product that is compliant with all and "other applicable laws" to begin with. Perhaps, in stead of assuming you have to help your customers answering questions, maybe you should start answering yourself?

    1. Anonymous Coward
      Anonymous Coward

      Re: So, when it is NOT a stupid, average consumer...

      format c:

      Nonsense. Any Linux distro will do all of that for you. Not that you HAVE to either - most will even execute straight off a DVD/USB stick/SD card or whatever else is bootable, but that's slightly more cumbersome.

      One caveat: as far as I know, the anti-competitive Microsoft program to offer OEMs an extra discount if they lock UEFI after a Windows install is still in place. That's why Debian won't install on many Microsoft-infected systems (Debian is not going to pay Microsoft for a UEFI key, obviously).

      1. Nick Kew Silver badge

        Re: So, when it is NOT a stupid, average consumer...

        Um, AIUI Microsoft's specs not merely permit but require their vendors to make it possible for users on x86 to install other things - including Debian. The user has two choices: either disable secure boot or insert their own key.

        Isn't paying to insert a UEFI key something associated with commissioning custom hardware?

        1. Dan 55 Silver badge

          Re: So, when it is NOT a stupid, average consumer...

          MS no longer requires that OEMs include an option to disable secure boot for Windows 10 PCs.

          Apple Macs with a T2 chip only recognise MacOS and you have to disable secure boot so they boot Linux (hopefully the "boot anything" option doesn't disappear in the future).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019