Microsoft’s recent introduction of an AI-powered feature named Recall has drawn significant scrutiny from both cybersecurity experts and regulatory bodies. The Recall feature, designed to log and index users’ PC activities, has raised concerns over privacy and data protection, leading to an investigation by the UK’s Information Commissioner’s Office (ICO).
ICO Raises Data Privacy Concerns
The ICO, an independent public authority responsible for upholding data privacy rights in the UK, has launched an inquiry into Microsoft’s Recall feature. In a statement issued on Wednesday, May 22, the ICO emphasized the need for transparency in how organizations use personal data. The agency stressed that personal data should only be processed to the extent necessary to achieve a specific purpose.
The ICO’s statement read, “We expect organisations to be transparent with users about how their data is being used and only process personal data to the extent that it is necessary to achieve a specific purpose. Industry must consider data protection from the outset and rigorously assess and mitigate risks to peoples’ rights and freedoms before bringing products to market.”
The ICO confirmed that it is making enquiries with Microsoft to understand the safeguards the company has in place to protect user privacy.
Recall’s Functionality and Associated Risks
Recall aims to extend the concept of web browser history to the entire computer, creating a detailed archive of user activity through AI-powered screenshots. According to Microsoft, this feature continuously captures screenshots of a user’s PC activity and creates a searchable index of these images. This allows users to retrieve past activities by searching through the AI-scanned screenshots.
However, several issues have arisen regarding this functionality. Although the screenshots are stored locally on the user’s device, they include sensitive information such as passwords, addresses, and health data. This data remains accessible to anyone who can access the local files, which poses significant security risks. Cybersecurity experts have voiced concerns about the potential for misuse by hackers and other malicious actors.
Additionally, the feature operates in the background, potentially without the user’s full awareness of what data is being captured and stored. This lack of transparency has amplified the fears among privacy advocates and users alike.
Related News:
Featured Image courtesy of Bloomberg via Getty Images