UK Data Protection Authority Investigates Microsoft's Recall AI Feature over Privacy Concerns

  • Concerns over privacy and security remain as Microsoft faces increasing scrutiny over handling of user data
  • ICO expects organizations to be transparent with users about data usage and processing
  • Microsoft states Recall does not share screenshots with other users or applications
  • Recall snapshots kept on local hard disks and protected using data encryption but sensitive information not hidden
  • Recall takes screenshots of user screens and saves them locally for later retrieval
  • UK Information Commissioner's Office (ICO) investigating Microsoft's Recall AI feature over privacy concerns
Microsoft's New AI Feature, Recall, Under Investigation by UK Data Protection Authority

Microsoft's latest AI feature, Recall, which takes screenshots of a user's active screen every few seconds and saves them locally for later retrieval, is under investigation by the UK Information Commissioner's Office (ICO) over privacy concerns.

The ICO is an independent public authority that reports to the Parliament of the United Kingdom and is tasked with promoting and upholding data privacy rights for individuals. The organization has stated that it expects organizations to be transparent with users about how their data is being used and only process personal data to the extent necessary.

Recall, which is exclusive to Microsoft's Copilot+ PCs, has raised concerns among privacy campaigners, who argue that the feature could be a 'privacy nightmare.' The ICO has contacted Microsoft for more information about the product's safety and the privacy concerns raised.

Microsoft states that Recall snapshots are kept on users' local hard disks and protected using data encryption. However, sensitive information like passwords and financial account numbers will not be hidden in the stored screenshots. The company also notes that Recall does not share screenshots with other users or applications.

The controversy surrounding Recall comes as Microsoft faces increasing scrutiny over its handling of user data and privacy. In 2023, the US government scolded Microsoft for lax security practices after it was revealed that a vulnerability in Microsoft Edge allowed hackers to steal users' browsing history.

Recent statistics from Statcounter show that Microsoft Edge is the only browser that allows users to filter out websites from being captured by Windows Recall. Chromium-based browsers, such as Mozilla and Vivaldi, do not have this feature.

Microsoft plans to expand Recall's functionality to allow users to pull up anything that happened recently on their Copilot+ PC and interact with or use it. However, concerns over privacy and security remain.



Confidence

91%

Doubts
  • Is the ICO's investigation ongoing or has it resulted in any findings?
  • What specific privacy concerns have been raised about Recall?

Sources

98%

  • Unique Points
    • Microsoft's new AI feature, Recall, is being investigated by the UK’s Information Commissioner’s Office (ICO)
    • Microsoft does not remove sensitive data, including passwords, addresses, and health information from the screenshots stored locally on users’ computers
  • Accuracy
    • Microsoft does not remove sensitive data from the screenshots stored locally on users’ computers
    • Recall provides a history of activity on a user’s entire computer powered by AI
  • Deception (100%)
    None Found At Time Of Publication
  • Fallacies (100%)
    None Found At Time Of Publication
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication

73%

  • Unique Points
    • Microsoft introduced a new AI product called Recall.
    • Recall takes screenshots of the active screen every few seconds and saves them locally.
    • Screenshots are protected using data encryption on the device.
    • Recall does not share screenshots with other users or applications.
  • Accuracy
    • Users can limit when screenshots are taken.
  • Deception (30%)
    The author uses emotional manipulation by painting a dystopian picture of Microsoft's new AI product and implying potential privacy violations without providing concrete evidence. The article also engages in selective reporting by focusing on the negative aspects of the product while ignoring any potential benefits or context.
    • It's been a big couple of days for Microsoft... It's a potential privacy nightmare.
    • People might avoid visiting certain websites and accessing documents, especially confidential documents, when Microsoft is taking screenshots every few seconds.
  • Fallacies (85%)
    The author uses an inflammatory headline and appeals to fear by describing the new AI product as a 'dystopian nightmare' and a 'privacy nightmare'. She also quotes experts who use similar language. However, the author does not provide any actual evidence or logical reasoning to support these claims.
    • Experts are calling it a
  • Bias (80%)
    The author expresses concern and labels the product as a 'privacy nightmare' without providing any counterargument or perspective from Microsoft. She quotes experts who share similar concerns but does not challenge their assertions.
    • 'It’s been a big couple of days for Microsoft... The AI-powered “Recall” feature, touted by Microsoft as “an explorable timeline of your PC’s past”, has already proven controversial... It is, AI and privacy advisor Dr Kris Shrishak told the BBC, a potential “privacy nightmare.”'
    • 'The mere fact that screenshots will be taken during use of the device could have a chilling effect on people... People might avoid visiting certain websites and accessing documents, especially confidential documents, when Microsoft is taking screenshots every few seconds.'
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication

72%

  • Unique Points
    • Windows Recall is a feature in Windows 11 that takes a snapshot of a user’s active screen every few seconds and stores them for later retrieval.
    • The feature does not perform content moderation and cannot hide information like passwords or financial account numbers in the stored snapshots.
    • Microsoft Edge is the only browser that allows users to filter out websites from being captured by Windows Recall.
  • Accuracy
    • Windows Recall stores data even when users engage in private browsing sessions in Microsoft Edge or Chromium-based browsers, but does not save content from InPrivate mode or Incognito mode in other browsers.
    • Microsoft states that all processing occurs on the customer’s device, and the snapshots are stored locally.
    • The feature cannot respect GDPR requests to delete personal data exposed in an application when the source data is deleted by a data controller.
  • Deception (30%)
    The article contains several instances of deception through selective reporting and emotional manipulation. The author quotes various experts expressing concerns about the privacy implications of Windows Recall, but fails to mention that Microsoft has stated that all processing takes place on the user's device and that snapshots stay there. The author also implies that Microsoft is not respecting private browsing activity or GDPR requests, but does not provide any evidence for this claim. Additionally, the author uses emotional language such as 'privacy nightmare' and 'massive privacy risk' to manipulate the reader's emotions and create a sense of alarm.
    • It also cannot respect GDPR requests to delete personal data exposed in an application when the source data is deleted by a data controller.
    • Microsoft is once again playing gatekeeper and picking which browsers get to win and lose on Windows – favoring, of course, Microsoft Edge.
    • The Windows 11 feature is supposed to eventually expand to allow users to pull up anything that happened recently on their Copilot+ PC and interact with or use it again, as the system logs all app activity, communications, and so on, to local storage for search and retrieval.
  • Fallacies (100%)
    None Found At Time Of Publication
  • Bias (50%)
    The author expresses concern over the potential privacy implications of Microsoft's Windows Recall feature, which takes snapshots of a user's active screen every few seconds and stores them for retrieval. The author mentions that all processing takes place on the user's device and that snapshots stay there, but also notes that sensitive information such as passwords or financial account numbers may be inadvertently included in these snapshots. The author quotes Microsoft stating that Recall does not perform content moderation and cannot respect GDPR requests to delete personal data. The author also mentions concerns from privacy experts and cybersecurity advisors regarding the potential for this feature to store sensitive information and create a new vector of attack for cybercriminals.
    • Microsoft did not engage our cooperation on Recall, but we would have loved for that to be the case, which would have enabled us to partner on giving users true agency over their privacy, regardless of the browser they choose.
    • Recall stores not just browser history, but also data that users type into the browser with only very coarse control over what gets stored.
    • To filter out a website from a snapshot, you must be using Microsoft Edge.
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication

75%

  • Unique Points
    • UK data watchdog making enquiries with Microsoft over new feature called Recall that takes screenshots every few seconds on Copilot+ PCs
    • ICO is contacting Microsoft for more information on product safety and privacy concerns raised by campaigners
    • Recall has the ability to search through all users’ past activity including files, photos, emails and browsing history in addition to taking screenshots
  • Accuracy
    • Microsoft will need a lawful basis to record and re-display user’s personal information, including passwords and financial account information that may appear in snapshots stored on the device
  • Deception (30%)
    The article contains selective reporting and sensationalism. The author quotes Dr. Kris Shrishak stating that Recall could be a 'privacy nightmare' without providing any context about the potential benefits of the feature or Microsoft's stated privacy controls. The author also implies that screenshots taken every few seconds is an invasion of privacy, but does not mention that users have control over what is captured. Additionally, the article quotes Dr. Shrishak and Daniel Tozer expressing concerns about consent and potential misuse of the data without disclosing their affiliations or expertise.
    • That means no more logging into financial accounts, looking up sensitive health information, asking embarrassing questions, or even looking up information about a domestic violence shelter, reproductive health clinic, or immigration lawyer.
    • The UK data watchdog says it is ‘making enquiries with Microsoft’ over a new feature that can take screenshots of your laptop every few seconds. Many devices can already do this - but Recall also takes screenshots every few seconds and searches these too.
    • Microsoft will need a lawful basis to record and re-display the user’s personal information. There may well be information on the screen which is proprietary or confidential to the user’s employer; will the business be happy for Microsoft to be recording this?
    • I wouldn’t want to use a computer running Recall to do anything I wouldn’t do in front of a busload of strangers.
  • Fallacies (80%)
    The author makes an appeal to authority by quoting Dr. Kris Shrishak and Daniel Tozer, who express concerns about the privacy implications of Microsoft's Recall feature. The author also uses inflammatory rhetoric by describing the feature as a 'privacy nightmare'.
    • > The UK data watchdog says it is ‘making enquiries with Microsoft’ over a new feature that can take screenshots of your laptop every few seconds.
    • > Many devices can already do this - but Recall also takes screenshots every few seconds and searches these too.
    • > 'This could be a privacy nightmare', said Dr Kris Shrishak, an adviser on AI and privacy.
    • > Microsoft will need a lawful basis to record and re-display the user’s personal information.
    • > I wouldn’t want to use a computer running Recall to do anything I wouldn’t do in front of a busload of strangers.
  • Bias (80%)
    The author uses the term 'privacy nightmare' multiple times to describe Recall, which implies a negative bias towards the product. The author also quotes Dr. Kris Shrishak and Daniel Tozer expressing their concerns about privacy and potential misuse of data by Microsoft.
    • I wouldn't want to use a computer running Recall to do anything I wouldn't do in front of a busload of strangers.
    • Microsoft will need a lawful basis to record and re-display the user's personal information
    • This could be a privacy nightmare
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication