Microsoft has begun rolling out its new AI-powered feature, Copilot+ Recall, which captures users’ screen images every few seconds. This tool, currently available in preview for users of AI-enabled Microsoft laptops and desktops, has sparked privacy concerns. Initially launched in 2024 and later suspended due to backlash, the tool is now being tested more widely, with plans for global availability, excluding the EU, where it is expected to be delayed until late 2025. Recall allows users to retrace their past activities by searching saved images of documents, emails, and websites they visited.
What is Copilot+ Recall and How Does it Work?
Copilot+ Recall is designed to help users track their activities, such as documents opened, images viewed, or websites browsed. By saving screenshots at regular intervals, it enables users to quickly locate past actions. For example, if a user recently viewed a product online but cannot recall where, they can search through saved images to find it again. Recall is an opt-in feature, meaning users must activate it manually and can stop the screen capture process at any time.
Global Expansion with Limited Access for EU Users
Microsoft has confirmed that it will expand Recall globally, but European users will have to wait until late 2025 before the tool becomes available to them. Despite the global rollout, the company has taken steps to reassure users by emphasizing that Recall will only function after activation, giving individuals control over the tool’s use. Microsoft also insists that the tool does not share captured data with the company or third parties, ensuring privacy in the local storage of all screenshots.
Concerns Over Data Privacy and Exploitation Risks
Despite these assurances, privacy experts, including Dr. Kris Shrishak, have raised serious concerns about the potential risks of Recall. While he acknowledged that the opt-in feature is an improvement, Dr. Shrishak emphasized that the tool could still be exploited, potentially violating the privacy of third parties. For instance, the tool can capture private communications from apps like WhatsApp or email inboxes, storing sensitive information without the consent of all parties involved. This automatic data collection, unlike manually taking a screenshot, could include private messages and images that users might not have intended to save.
Dr. Shrishak also warned about the possibility of disappearing messages, such as those sent via apps like Signal, being saved indefinitely through Recall. The tool’s ability to record messages and images without clear user awareness poses significant privacy risks, especially if attackers gain access to the device and retrieve this captured content.
Microsoft’s Safeguards and User Control
Microsoft has implemented several safeguards to ensure user control over the Recall tool. Users can define which applications the tool can monitor, excluding private browsing modes from being captured. Additionally, users have the ability to delete any stored screenshots at their discretion. The company has emphasized that all screenshots are stored locally on the user’s device and not on remote servers, reducing the risk of unauthorized access.
Before accessing any saved content, users must verify their identity, adding an extra layer of security. Microsoft also stated that the tool does not share any screenshots or data with the company or external entities, further addressing privacy concerns.
Regulatory Scrutiny: UK Data Privacy Authority Monitors the Tool
The UK’s data privacy regulator, the Information Commissioner’s Office (ICO), has been in discussions with Microsoft regarding Recall’s deployment. The ICO has emphasized the importance of clear user information and purpose-based data collection. While it does not pre-approve digital products or features, the ICO stressed that Microsoft must demonstrate ongoing compliance with data protection regulations.
The regulator has made it clear that companies must prove they are protecting users’ data rights at all times. Any failure to comply with these regulations could lead to enforcement action, highlighting the need for Microsoft to address any lingering concerns over Recall’s privacy implications.
A Balancing Act Between Convenience and Privacy
As Microsoft pushes forward with the expansion of Copilot+ Recall, the company faces mounting scrutiny over its potential privacy risks. While the tool offers users the convenience of easily tracking past activities, concerns about data security and unauthorized data collection remain unresolved. Microsoft’s commitment to user control and local storage of data offers some reassurance, but privacy experts continue to warn about the risks of unintentional data exposure. With regulatory bodies closely monitoring the situation, the future of Recall depends on how well Microsoft addresses these concerns while balancing innovation with user privacy.
