njsmith / sempervirens

An experimental prototype for gathering anonymous, opt-in usage data for open scientific software
BSD 2-Clause "Simplified" License

Microsoft data collection in Europe. #19

Open Carreau opened 8 years ago

Carreau commented 8 years ago

I recently came across a request from the French Govt to Microsoft to limit the amount and extent of data they collect:

https://www.cnil.fr/en/windows-10-cnil-publicly-serves-formal-notice-microsoft-corporation-comply-french-data-protection

I thought that might be of interest. The text is in English; if there are pieces in French I can translate.

TL;DR: from what I got, the "Basic" data collection option states that it's "necessary for [Windows] to function correctly"; you cannot set your device to send less information. This amount of information was judged too much, and it was shown that another lower level was available but hidden.

Anyway, this is typical of the cease and desist that we might get from Europe if/when we move forward, and can likely be a good resource.

takluyver commented 8 years ago

I'm not a lawyer, still less a French one, but I doubt this would be a problem for us if we stick to what we've talked about. We will only collect data from users who have opted in, and we'll give them a link to clear information about what sort of data is collected and why.

I think even Nathaniel's "ping on no" probably wouldn't fall foul of data collection legislation, because we're not keeping anything identifiable.

Carreau commented 8 years ago

Sure, I agree that we seem far from what Microsoft is collecting. Though it gives a nice idea of where the upper boundary of what we can collect from a legal standpoint in France can be. It's often hard to interpret texts as they say things like "reasonable" and "appropriate to the situation".

takluyver commented 8 years ago

But I assume that that limit is only if you're doing it without users' informed consent.

Carreau commented 8 years ago

> But I assume that that limit is only if you're doing it without users' informed consent.

The complaint is also that Microsoft also asks for user consent, but is not explicit enough about what it does [and enables it by default]. Anyway, it's far from what we like to collect and from how we'd try to collect it. Just an interesting resource.