UK watchdog investigates Microsoft over its Copilot+ ‘Recall’ feature

Microsoft has introduced a new feature to allow users to “remember” content they’ve seen before on Copilot+ PCs, but the feature is raising concerns among privacy experts.

The UK Information Commissioner’s Office (ICO) is investigating a new feature Microsoft is offering to PC Copilot+ users, which takes screenshots of the user’s screen every few seconds.

This feature, Recover, is designed to help users find content they have previously viewed on the device. The optional feature will take periodic screenshots of a user’s activities, which are then encrypted and stored on the Copilot+ PC.

“You can use Recall to locate content you’ve viewed on your PC using search or in a timeline bar that lets you scroll through your snapshots,” Microsoft said in a blog post. “Once you find the snapshot you were looking for in Recall, it will be analyzed and offer you options to interact with the content.”

An ICO spokesperson said the organization is consulting with Microsoft to “understand the safeguards put in place to protect user privacy.”

“We expect organizations to be transparent with users about how their data is used and only process personal data to the extent necessary to achieve a specific purpose,” the spokesperson said. “The industry must consider data protection from the outset and rigorously assess and mitigate risks to people’s rights and freedoms before bringing products to market.”

Microsoft says PC Copilot+ users can limit the screenshots that Recall collects and that certain content will never be captured, such as InPrivate web browsing in Microsoft Edge. But he also noted that Recall does not perform “content moderation.”

“It will not hide information such as passwords or financial account numbers,” the company said. “That data may be in snapshots that are stored on your device, especially when sites do not follow standard Internet protocols, such as surreptitious password entry.”

Jake Moore, global cybersecurity advisor at ESET, said enabling a feature that captures screen data not only provides more data for a company, but also “opens up another avenue for criminals to attack.”

“While this feature is not enabled by default, users should note that any content may be analyzed by artificial intelligence algorithms for a better experience,” Moore said. “Although it may produce better results, a balance must be maintained between functionality and privacy, so users should be aware of the potential risks in case any sensitive data is compromised.

“Creating and storing more private data seems unnecessary when cybercriminals continually look for any vulnerabilities to exploit.”

Discover how emerging technology trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotifyin Apple or wherever you get your podcasts.