Microsoft introduced a new capability in some of its products to help organizations ensure their compliance with data privacy regulations, in particular the European Union’s General Data Protection Regulation (GDPR).
The “Windows diagnostic data processor configuration” became generally available this week, Microsoft announced, It’s enabled in certain Microsoft tools, namely “Desktop Analytics, Update Compliance, Microsoft Managed Desktop, and the Windows Update for Business deployment service,” .
Data Controller Oversight
Windows collects diagnostic information, and organizations have had rather non-transparent ways of limiting what gets collected. They can just select a pre-set data collection level. Microsoft’s current data collection levels include “Diagnostic Data Off” (previously called “Security”), “Required” (previously called “Basic”) and “Optional” (previously called “Full”). Organizations that use the Windows Update service to keep systems patched need to use the Required option. These nuances, and more, are described here https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#enable-windows-diagnostic-data-processor-configuration
Microsoft is positioning the Windows diagnostic data processor configuration capability, as being equivalent to having data controller oversight as required by the GDPR.
From the “Configure Windows Diagnostic Data” document:
The Windows diagnostic data processor configuration enables you to be the controller, as defined by the European Union General Data Protection Regulation (GDPR), for the Windows diagnostic data collected from your Windows devices that meet the configuration requirements.
According to a European Union glossary entry, “the data controller is the party that, alone or jointly with others, determines the purposes and means of the processing of personal data.” The glossary entry adds that “the actual processing may be delegated to another party, called the data processor.”
It seems that Windows diagnostic data processor configuration capability is mostly conceived as a means for organizations to become compliant with the GDPR with regard to their customers. It’s also an assurance about Microsoft’s data collection practices.
Now generally available, the Windows diagnostic data processor configuration further empowers you to manage your organization’s diagnostic data. It provides you familiar tools to support data subject rights, including managing, exporting, or deleting data stored securely in your Azure tenant. It also lets you benefit from our technology without compromise.
The capability also helps organizations to elete data should they get a customer request to do so, which is also a GDPR prerogative. The customer, in GDPR lingo, is known as the “data subject” in such cases.
Handling data subject requests happens though “the admin portal,” according to a note in this “Windows 10 and Privacy Compliance” document.
Prerequisites to Using Diagnostic Data Configuration
There are prerequisites to using the Windows diagnostic data processor configuration capability, which is just supported on devices using “Windows 10 Pro, Education or Enterprise editions, version 1809 with July 2021 update or newer.” In addition, the Windows devices “must be joined to Azure Active Directory.”
The Windows diagnostic data processor configuration capability just applies to data collection by Windows components. It doesn’t apply to the apps running on top of Windows, which have their own data collection practices.
