In May 2024, Microsoft introduced Recall, an AI-driven feature for select Windows PCs designed to capture screenshots every five seconds, enabling users to search their on-screen activity history. The intent was to assist users in retrieving previously viewed information, such as recipes or documents. 
However, recent evaluations have raised significant privacy concerns. Testing by Tom’s Hardware revealed that, even with the “filter sensitive information” setting activated, Recall inadvertently captured sensitive data, including credit card numbers and Social Security numbers. For instance, when testers entered a credit card number and login credentials into a Notepad window, Recall recorded this information. Similarly, filling out a loan application PDF in Microsoft Edge resulted in the capture of personal details like Social Security numbers, names, and dates of birth. 
In response to earlier critiques, Microsoft had implemented measures such as making Recall an opt-in feature, enhancing data encryption, and requiring authentication to access stored data. Despite these efforts, the tool’s inability to consistently filter out sensitive information poses ongoing privacy risks. Microsoft has acknowledged these concerns, indicating that the system is designed to improve over time and encourages users to report instances where sensitive data is inadvertently captured. 
This situation underscores the challenges tech companies face in balancing innovative AI functionalities with robust privacy safeguards. As AI tools become more integrated into daily computing, ensuring they do not compromise user privacy remains a critical concern.
Source: Wired
- We can help you become FADP compliant!
Expert Guidance, Affordable Solutions, and a Seamless Path to Compliance
