Home Is Microsoft Copilot’s screen grabbing Recall feature a privacy threat? UK watchdog is investigating

Is Microsoft Copilot’s screen grabbing Recall feature a privacy threat? UK watchdog is investigating

TL:DR

  • UK's ICO investigates Microsoft Copilot's Recall feature over data security concerns due to progressive screenshots.
  • Recall takes snapshots of user's screen content to enhance AI responses, raising privacy issues despite encryption.
  • Microsoft provides guide to pause/turn off Recall, but ICO seeks transparency and rigorous risk assessment from industry.
  • The UK privacy watchdog Information Commissioner’s Office (ICO) is investigating Microsoft Copilot’s new Recall feature.

    The Recall feature is present in the new AI-assistant Copilot+ PCs that have been purpose-built to meet consumer demand for devices with artificial intelligence capabilities as a standard.

    Concerns have been raised about data security with Recall as it takes screenshots progressively when using a Copilot+ PC. These screenshots record all data, including personal data, which has worried regulators like the British ICO.

    The ICO is the United Kingdom’s regulatory watchdog responsible for reporting data breaches, threats to public information security, and the risks of illegal activity in the digital domain.

    How does Microsoft Copilot’s Recall feature work?

    The Recall feature is designed to find content on a user’s PC and support the generative AI data-compiling method.

    To do this, the Recall feature must progressively take snapshots of the user’s screen content to create a library to enhance the AI responses. This is then sent to the Recall App, which uses these gathered contents to piece together the answers to a user’s AI queries.

    Things like gaming snapshots, pulling a certain document from weeks past, or going back to an old Zoom meeting seem innocuous.

    In theory, this is an AI “learning” a user’s patterns and favorite things to search for, but it can bring many security concerns.

    Microsoft stated that Recall “will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry.”

    The UK’s ICO has now raised concerns with Microsoft: “We are making inquiries with Microsoft to understand the safeguards in place to protect user privacy.”

    Microsoft security guide

    Microsoft has posted a guide to the new Recall features focusing on privacy and security. The computer giant states the Recall feature can be manually turned off by going to “Settings > Privacy & security > Recall & snapshots,” on Copilot+ PCs.

    Despite this guide to pause or turn off the tool, the questions about how data is used and the safeguards in place remain.

    Microsoft did say that the company does not use any mandatory internet or network connection to use the feature.

    The company also stated that all data is stored locally on the device. The company said, “Snapshots are encrypted by Device Encryption or BitLocker, which are enabled by default on Windows 11.”

    The ICO hopes Microsoft will be “transparent with users about how their data is being used and only process personal data to the extent that it is necessary to achieve a specific purpose. Industry must consider data protection from the outset and rigorously assess and mitigate risks to people’s rights and freedoms before bringing products to market.”

    Other than the Recall privacy guide, Microsoft has yet to respond, but the ICO will be hoping for more reassurance that user data, even if encrypted, is safeguarded.

    Image: Microsoft.

    About ReadWrite’s Editorial Process

    The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

    Brian-Damien Morgan
    Tech Journalist

    Brian-Damien Morgan is an award-winning journalist and features writer. He was lucky enough to work in the print sector for many UK newspapers before embarking on a successful career as a digital broadcaster and specialist. His work has spanned the public and private media sectors of the United Kingdom for almost two decades. Since 2007, Brian has continued to add to a long list of publications and institutions, most notably as Editor of the Glasgow 2014 Commonwealth Games, winning multiple awards for his writing and digital broadcasting efforts. Brian would then go on to be integral to the Legacy 2014,…

    Get the biggest tech headlines of the day delivered to your inbox

      By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

      Tech News

      Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

      In-Depth Tech Stories

      Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

      Expert Reviews

      Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.