Lawsuit Says Microsoft Knew Windows 10 ‘Potentially Harmful’

Microsoft’s Windows 10 launch in July 2015, was notorious within and without the tech sphere for a number of reasons. In a break from tradition, the tech giant offered users an opportunity to upgrade to Windows 10 for free, which was initially welcomed — however the firm’s promotional tactics were widely criticized, with many users reported the ostensible upgrade was forced upon them, installing automatically.

Such was the obloquy surrounding this approach, Microsoft Chief Marketing Officer Chris Capossela publicly acknowledged the firm had gone “too far,” and their “aggressive” push to get users to upgrade had crossed the line. Windows 10 now operates on around 400 million devices worldwide.

In this particular suit, brought at an Illinois court in the US, the plaintiffs state Windows 10 destroyed their hard drives and/or caused them to lose data, forcing them to buy a new computer or pay for repairs.

The suit states the claimants are among “many” consumers who have had hard drives fail due to the installation, and the operating system does not check whether a device’s software or hardware could withstand “the stress” of an installation.

These problems are, the suit states, so endemic and widespread they show Windows 10 breached its implied warranty of merchantability, and there should have been greater warnings that the update could damage PCs or data and prompts for users to create backups. It further alleges Microsoft was negligent, failing to “exercise reasonable care” in designing, formulating, and manufacturing the upgrade, and the firm knew Windows 10 had “potentially harmful propensities.”

The plaintiffs are claimed to be but three among hundreds or thousands of others who have suffered in the same way, and incurred similar costs. They are pursuing US$5 million in damages.

In a statement, Microsoft said if a customer who upgraded during the one-year program needed “help” with the upgrade experience, the company offered them numerous options, including free customer support and 31 days to revert to their old operating system.

“We believe the plaintiffs’ claims are without merit,” the Microsoft statement said.

Beyond complaints about automatic upgrades and forceful promotional tactics, Windows 10 has also been condemned for its approach to data collection.

Early adopters expressed concerns about the use of default settings to harvest voluminous amounts of user data, such as web browsing history, Wi-Fi network names and passwords, in order to display personalized adverts to users browsing the web or playing games.

While users were given the ability to opt-out of data collection, the process for doing so was believed by many to be complex and opaque, comprising 45 pages of privacy policy documents, with opt-out settings spread across 13 different screens and housed on an external website.

In response, the EU data protection group, the Article 29 Working Party, instigated an investigation, as did several national data protection authorities, including France’s independent regulatory data privacy body, the Commission nationale de l’informatique et des libertes (CNIL). Their independent conclusions were much the same — the company must stop excessive data collection.

Among the breaches CNIL accused Microsoft of were the failure to obtain notice for data transfers, breaking cookie law requirements, having inadequate security protections for personal data, failure to file an authorization request for processing personal data for fraud prevention purposes, and breach of cross-border data transfer restrictions.

In February, the Article 29 Working Party issued a statement saying it still had “significant concerns” about how Microsoft collects and processes users’ personal data, and whether it obtains fully informed consent from users to do so.

“There is an apparent lack of control for users to prevent collection or further processing of such data. The Working Party specifically requests further explanatory information from Microsoft, as to how the opt-outs, default settings and other available control mechanisms presented during the installation of Windows 10 operating system provide a valid legal basis for the processing of personal data under the Data Protection Directive 95/46/EC. This is especially of concern where Microsoft would rely on consent as a legal basis for the processing of personal data,” the statement said.