Use of Windows 10 Enterprise in Compliance with Data Protection Regulations
The Bavarian data protection authority for the private sector (Das Bayerische Landesamt für Datenschutzaufsicht - BayLDA) investigated, together with other European data protection authorities, if Windows 10 could be used in compliance with existing data protection regulations. While other countries mainly examined the Windows 10 Home and Pro editions, used by private persons, the BayLDA analyzed exclusively Windows 10 Enterprise, the edition that is meant for companies. After finishing the audit, the BayLDA stated that it is possible to use Windows 10 Enterprise in a compliant form.
BayLDA’s central question was how far it would be possible to configure the Enterprise version with little effort in a way that data transmission to Microsoft, initialized by the operating system, can be controlled and, if needed, even be prevented. Already during the introduction of Windows 10, there was strong criticism on the operating system’s data protection. Especially the telemetry data, configured to inform Microsoft in the background about the way Windows 10 was used, became the focus of data protection specialists. Windows telemetry data particularly include information that deal with the system’s usage from technical point of view, like system crash reports, installed apps and details about their use, or information about used hardware.
The now published test report of the BayLDA reveals that in Windows 10 Enterprise Version 1607 and 1703 the transmission of personalized user data, which may be unclear or critical under the aspect of data protection, can be limited via centralized group policies, using just a few settings. Thus, in the opinion of the BayLDA, it is possible to use Windows 10 Enterprise in a business environment without data protection breaches if it has been appropriately configured.
BayLDA - The Bavarian Data Protection Authority for the Private Sector