Privacy regulators quiz Microsoft over Windows’ incoming Recall AI feature

David Meyer

22 May 2024 at 11:09 am·4-min read

Yesterday I wrote about the potential winners and losers in Microsoft’s big push to sell powerful and energy-efficient AI PCs. But, while there was a lot to chew on with the hardware aspects, I failed to mention a major angle to the AI-ification of Windows: privacy.

One of Microsoft’s most eye-catching announcements was that of a feature called Recall, which gives the operating system’s Copilot AI assistant “photographic memory” of what the user does on their PC. This involves taking snapshots of the active screen every few seconds, which are then encrypted and kept on the machine. The aim is to help people remember, for example, which website they found stuff on or which folder they stored stuff in. Microsoft will gradually refine the tool, ultimately allowing users to quickly open the document, website, or email shown in the snapshot.

This could clearly be useful to many people, but some privacy experts have concerns about what Microsoft is doing here—and so do data protection authorities.

The BBC reported today that the U.K. Information Commissioner’s Office has asked Microsoft for information to help it “understand the safeguards in place to protect user privacy.” And the Irish Data Protection Commission, which is Microsoft’s main privacy enforcer in the EU, told me it’s also on the case.

“We too have reached out to Microsoft this morning and are looking for further information,” said the Irish watchdog’s communications chief, Graham Doyle. (There's no word yet on any regulatory pushback in the U.S.)

Now, there’s clearly a good deal of privacy built into Windows Recall, as Microsoft explained in a statement: “Recall data is only stored locally and not accessed by Microsoft or anyone who does not have device access. The security to protect a user's Recall data is the same as for anything on the endpoint. With available built-in security and identity features, an attacker would need to get physical access to the device, be able to unlock it and sign-in, and Microsoft already builds in defenses, such as Windows Hello, right into devices.”

Also, per Microsoft’s FAQ on the subject, Recall is designed to avoid taking snapshots of private browsing sessions in the company's Edge browser, and users will be able to click on a special icon to “make choices about what snapshots Recall collects and stores.”

However, the same page warns that “Recall will not hide information such as passwords or financial account numbers” from those viewing the snapshots. And that’s far from being the only potential pitfall for Microsoft here.

The most immediate issue is whether Recall’s implementation complies with the General Data Protection Regulation (GDPR)—an EU law, but one that’s also still replicated in the legal system of post-Brexit Britain. As Keystone Law partner Daniel Tozer told the BBC, the GDPR means “Microsoft will need a lawful basis to record and re-display the user’s personal information.” And with these snapshots often containing sensitive personal information, that basis may need to involve the user’s active consent.

The big question here is whether Microsoft will be getting that consent in a GDPR-compliant (and ethically sound) way. European regulators have generally maintained that you can't claim to have received consent in a situation where the user is automatically opted into the processing of their data. And that is what's happening here.

Although Microsoft insists that people setting up one of the incoming Copilot+ AI PCs will be "informed about Recall and given the option to manage [their] Recall and snapshots preferences"—a spokesperson told me this means "you have the option from the start to opt in or opt out"—the fact remains that not clicking through the Recall settings will automatically authorize the default saving of snapshots.

Then there’s the question of who has access to your computer. Again, keeping everything local comes with clear benefits, but people often share their computers and logins with others, particularly family members. As cybersecurity expert Eva Galperin noted in an X post: “I’ve got some news for Microsoft about how domestic abuse works.”

It’s too early to say that Recall has irredeemable privacy flaws, but Microsoft definitely has to demonstrate that it has answers to all the questions that are rightly being raised, otherwise it may find itself in trouble with both regulators and Windows users.

More news below.

David Meyer

Want to send thoughts or suggestions to Data Sheet? Drop a line here.

This story was originally featured on Fortune.com

Business Insider
Ground robots may be the 'next game-changer technology' of the war, senior Ukrainian official says
Ukraine is looking to build a fleet of ground robots for assault, minelaying, and logistics missions, Mykhailo Fedorov told Business Insider.
The Independent
Security loophole lets hackers spy on people and affects every device and internet connection
A new security loophole could let hackers spy on anyone – and every internet connection and device is vulnerable, according to the researchers who found it. It works by monitoring changes in the speed of a user’s internet connection – not requiring any kind of code or access to a machine.
Fool.co.uk
3 magnificent AI stocks I own that aren’t Nvidia
These AI stocks are some of Edward Sheldon’s largest portfolio holdings. He reckons they have enormous potential in the long run. The post 3 magnificent AI stocks I own that aren’t Nvidia appeared first on The Motley Fool UK.
Associated Press Finance
'Hamster' crypto craze gripping Iran highlights its economic malaise ahead of presidential election
Cab drivers and bikers tap away furiously on their mobile phones as they wait at red lights in the Iranian capital during an early June heatwave. A wider crypto craze aside, the app's rise in Iran highlights a harsher truth facing the Islamic Republic ahead of Friday's presidential election to replace late President Ebrahim Raisi, who died in a helicopter crash in May: an economy hobbled by Western sanctions, stubbornly high inflation and a lack of jobs.
CNN Business
Microsoft faces mega fine after EU takes issue with bundling of Teams and Office
Microsoft has violated European Union antitrust laws by bundling Teams with its other popular applications for businesses, EU officials said in preliminary findings Tuesday, marking the bloc’s latest challenge to a US tech giant.
Bloomberg
Oracle Warns That a TikTok Ban Would Dent Revenue and Profit
(Bloomberg) -- Oracle Corp. warned investors that a new law potentially banning TikTok in the US threatens to hurt its financial results.Most Read from BloombergYouTuber Dr Disrespect Was Allegedly Kicked Off Twitch for Messaging MinorNvidia Rout Takes Breather as Traders Scour Charts for SupportTrump Could Actually Lose Florida. Here’s Why.Rivian Gets $5 Billion Lifeline in Joint Venture With VolkswagenJulian Assange Leaves Court ‘Free Man,’ Ending 14-Year DramaThe law signed by President Joe B
Oxford Mail
Users left 'truly hurt' after Google app shuts down for good in the UK
Google shut down the Google Podcast app in the UK on Monday (June 24) in favour of YouTube Music.
Reuters Videos
EU charges Microsoft over Teams bundling
STORY: Microsoft is in trouble with the EU over its popular collaboration app Teams, and could face a big fine.Antitrust regulators charged the U.S. tech giant on Tuesday (June 25) of illegally bundling the product with its Office software, making it hard for rivals to compete. They said the app was given a distribution advantage - while limitations preventing interactions between Teams competitors and Microsoft's offerings hurt rivals.They also said recent moves to unbundle the package were insufficient and more needed to be done.The European Commission warned Microsoft needed to make more changes to restore competition.The move was triggered by a complaint four years ago by Salesforce-owned messaging app Slack.Teams was added to Office 365 in 2017 for free, and replaced Skype for Business.Its popularity soared during the pandemic due in part to its video conferencing.Microsoft said it would work find solutions.In April, it separated Teams from Office globally to try to resolve EU antitrust concerns.If the company was fined, it would be the first such punishment in two decades for Microsoft in Europe.
Benzinga
'No Microphones, No Cameras, No Ads' — Mark Zuckerberg's Unusual New Venture
Mark Zuckerberg, the billionaire behind Facebook, is investing in Yoto, a company that makes screenless audio players for kids. His investment fund, Chan Zuckerberg Ventures, is part of an £18 million ($22 million) funding round that also includes famous investor Sir Paul McCartney. Zuckerberg's fund and other new investors invested roughly $11 million, while the rest came from existing investors and share sales. Yoto was founded in 2015 by Ben Drury and Filip Denker and is now worth about $182
Yahoo Life UK
Get £50 off Shark's quiet and adjustable fan that shoppers say is 'easily the best on the market'
Innovative in design, Shark's FlexBreeze Portable Fan comes with eight different modes, a mister, timer, rechargeable battery pack and near-silent operation.
Yahoo Finance Video
EU sues Apple over App Store payment practices
Apple (AAPL) faces a new legal battle as the European Union accuses the tech giant of violating recently implemented digital competition legislation. The allegations center around Apple's App Store practices, which regulators claim prevent app developers from offering alternative purchasing methods. Yahoo Finance's legal reporter Alexis Keenan breaks down the details of the lawsuit, providing insights into how it could impact Apple's operations moving forward. For more expert insight and the latest market action, click here to watch this full episode of Catalysts. This post was written by Angel Smith
Reuters Videos
Apple's App Store rules breach EU rules - regulator
STORY: Apple is in hot water with European authorities again.EU antitrust regulators said Monday the company's App Store conditions breach the bloc's tech rules.They accuse the U.S. tech giant of preventing app developers from steering consumer to alternative offers.It's a charge which could lead to a large fine for the iPhone maker.The accusation against Apple is the first by the European Commission under its landmark Digital Markets Act, or DMA.Those rules aim to rein in the power of Big Tech and ensure a level playing field for smaller rivals.EU antitrust chief Margrethe Vestager said Apple's new terms don't allow app developers to communicate freely with their end users, and to conclude contracts with them.The Commission also criticised the fees charged by Apple for facilitating via the App Store the initial acquisition of a new customer by developers.Apple said it had made a number of changes over recent months to comply with the DMA, and was confident its plan is in accordance with the law.The EU executive said it was also opening another investigation into Apple.That's over the firm's new contractual requirements for third-party app developers and app stores and whether these were necessary and proportionate.DMA breaches can cost companies fines as much as 10% of their global annual turnover.
Reuters
Apple charged with breaching EU tech rules, faces another probe
AMSTERDAM (Reuters) -European Union antitrust regulators charged on Monday that Apple breached the bloc's tech rules, a charge that could result in a hefty fine for the iPhone maker which also faces another investigation into new fees imposed on app developers. The European Commission, which is also the EU's antitrust and technology regulator, said it had sent its preliminary findings to Apple following an investigation launched in March. The charge against Apple is the first by the Commission under its landmark Digital Markets Act which seeks to rein in the power of Big Tech and ensure a level playing field for smaller rivals.
CNN Business
EU could hit Apple with a huge fine after accusing it of breaking new tech rules
European Union regulators have accused Apple of breaking tough new digital competition rules by preventing app developers from freely directing consumers to cheaper services.
Bloomberg
Apple Adds Alibaba, JD to List of Vision Pro Apps for China
(Bloomberg) -- Apple Inc. has added China’s two biggest online retailers to a growing list of apps that will support its mixed-reality Vision Pro headset when it goes on sale on Friday.Most Read from BloombergYouTuber Dr Disrespect Was Allegedly Kicked Off Twitch for Messaging MinorNvidia Rout Takes Breather as Traders Scour Charts for SupportTrump Could Actually Lose Florida. Here’s Why.Rivian Gets $5 Billion Lifeline in Joint Venture With VolkswagenJulian Assange Leaves Court ‘Free Man,’ Endin
Fortune
Expect to see more cost-effective ‘cobots’ working alongside humans, says Bank of America
Cobots are among the next generation of robots on the rise.
AFP
Hikes, nosy neighbours afflict Zimbabweans in quest for mobile connection
As the sun sets over Zimbabwe's Matobo Hills, boys throw stones to chase baboons away.- Prying ears - The Matobo Hills, a UNESCO World Heritage site famed for its distinctive rock boulders, provide some relief to Silozwe's residents.
The Independent
My abusive ex-boyfriend secretly stalked me for months with hidden tracking app on my phone
Exclusive: Number of coercive control and stalking cases in which GPS tracker used up by over 300 per cent in last five years
Hello!
Carol Kirkwood sparks concern from BBC Breakfast fans with latest TV appearance
Carol Kirkwood has sparked concern from BBC Breakfast viewers with her latest appearance on the current affairs programme. Get the details here…
OK! Magazine
Prince Harry's sharp take on the Middleton family's 'country bumpkin' life and William's 'obsession'
Top royal author Tina Brown claimed Prince Harry "couldn’t understand Prince William's obsession with his Middleton in-laws" and their lives in the countryside "bored Harry to tears"

NIKKEI 225

HANG SENG

CRUDE OIL

GOLD FUTURES

DOW

Bitcoin GBP

CMC Crypto 200

NASDAQ Composite

UK FTSE All Share

How to save for a good retirement income

Privacy regulators quiz Microsoft over Windows’ incoming Recall AI feature

Latest stories

Ground robots may be the 'next game-changer technology' of the war, senior Ukrainian official says

Security loophole lets hackers spy on people and affects every device and internet connection

3 magnificent AI stocks I own that aren’t Nvidia

'Hamster' crypto craze gripping Iran highlights its economic malaise ahead of presidential election

Microsoft faces mega fine after EU takes issue with bundling of Teams and Office

Oracle Warns That a TikTok Ban Would Dent Revenue and Profit

Users left 'truly hurt' after Google app shuts down for good in the UK

EU charges Microsoft over Teams bundling

'No Microphones, No Cameras, No Ads' — Mark Zuckerberg's Unusual New Venture

Get £50 off Shark's quiet and adjustable fan that shoppers say is 'easily the best on the market'

EU sues Apple over App Store payment practices

Apple's App Store rules breach EU rules - regulator

Apple charged with breaching EU tech rules, faces another probe

EU could hit Apple with a huge fine after accusing it of breaking new tech rules

Apple Adds Alibaba, JD to List of Vision Pro Apps for China

Expect to see more cost-effective ‘cobots’ working alongside humans, says Bank of America

Hikes, nosy neighbours afflict Zimbabweans in quest for mobile connection

My abusive ex-boyfriend secretly stalked me for months with hidden tracking app on my phone

Carol Kirkwood sparks concern from BBC Breakfast fans with latest TV appearance

Prince Harry's sharp take on the Middleton family's 'country bumpkin' life and William's 'obsession'