Microsoft recently announced that it will extend the European Union’s GDPR privacy rights to users across the world, despite not being obliged to do so. However, it appears that Microsoft’s benign intentions might soon have to face judicial scrutiny by India’s apex court, thanks to a petition filed against the company in the Supreme Court over Microsoft’s data privacy policies and its questionable implementation.

The petition, filed by Vinit Goenka, states that Microsoft is involved in an unauthorized collection of user data which is stored in servers located outside the country, keeping it away from Indian jurisdiction

Data Collection Settings in Windows
Data Collection Settings in Windows

Goenka claims in his petition that he discovered Microsoft accessing sensitive information related to his business, which was also shared with third parties by the company. The petitioner made the surprising discovery when he started receiving emails from third-party firms or services, which made it clear that sensitive business data was accessed by Microsoft, and that it was also shared with other parties who used it for advertising and promotional activities.

He also pointed that Microsoft stores the data of Indian users in storage centers located in foreign countries where it is shielded from Indian jurisdiction and law. Goenka argued that Microsoft has ‘complete access to our country’s data and has the same stored in some foreign location. And in the absence of any such law/regulation to seize such data, the country is in a vulnerable position’.

Citing earlier reports of Microsoft’s involvement in data collection practices and vulnerabilities in its software products, Goenka has urged the Union Ministry to enforce necessary laws that can prevent companies like Microsoft from violating the citizen’s right to privacy, and has also asked for a thorough audit of Microsoft’s software used in India.