UK

Data regulator looking into Microsoft’s AI Recall feature

The tool, which takes screenshots every few seconds to power an in-depth search feature, has raised privacy concerns among some experts.

Microsoft said the tool will be exclusive to new AI-powered Copilot+ PCs
Microsoft said the tool will be exclusive to new AI-powered Copilot+ PCs (Microsoft/PA)

The UK’s data protection watchdog is “making inquiries” with Microsoft over a new feature that can take screenshots of a user’s computer every few seconds.

It is part of a new tool called Recall, which uses the screenshots and artificial intelligence to look back through a user’s past activity to offer an enhanced way to search through a device.

Microsoft has said users have privacy control options around the tool – which will be exclusive to its new AI-powered Copilot+ PCs – that can limit the screenshots collected, but it has still raised privacy concerns.

The Information Commissioner’s Office (ICO) told the BBC that firms must “rigorously assess and mitigate risks to peoples’ rights and freedoms” before bringing new products to market.

The data protection regulator said it was “making inquiries with Microsoft to understand the safeguards in place to protect user privacy”.

Join the Irish News Whatsapp channel

In its launch for Recall, Microsoft said Recall worked locally, with the AI-powered processing taking place on-device to boost security, and will not capture screenshots of private web browsing sessions.

In a blog post published when the feature was announced on Monday, Microsoft said: “Recall leverages your personal semantic index, built and stored entirely on your device.

“Your snapshots are yours; they stay locally on your PC. You can delete individual snapshots, adjust and delete ranges of time in Settings, or pause at any point right from the icon in the System Tray on your Taskbar.

“You can also filter apps and websites from ever being saved. You are always in control with privacy you can trust.”

But Jake Moore, global cybersecurity adviser at software security firm Eset, said the creation and storage of more private data through the feature could be an enticing prospect for cyber criminals.

“Enabling a feature which has the ability to capture screen data not only offers even more data to the company behind the software but also opens up another avenue for criminals to attack,” he said.

“Whilst this feature is not on by default, users should be mindful of allowing any content to be analysed by AI algorithms for a better experience.

“Although it may produce better results, there is a balance that must be kept regarding functionality versus privacy and so users must remain aware of the potential risks should any sensitive data ever become compromised.

“Creating and storing more private data seems unnecessary when cyber criminals continually look for any given vulnerability to exploit.”