by chopin 2986 days ago
I remind you, very sensitive data is handled on Windows 10 Pro machines. Or would you require each doctor to maintain an Enterprise IT infrastructure?

Here in Germany, it is still controversial whether Windows 10 machines can be used in public services at all.

2 comments

Interesting GDPR situation: MS will need to tell people how they're using all that data, who they're selling to, and AIUI enable deletion of it. Organisations using software that includes telemetry will have to tell the users, as the assumption must be that such telemetry will leak PII.
Would you trust each doctor to know enough about IT security to be capable of protecting patient data without hiring someone else to run their enterprise IT infrastructure?
No. But I would expect that the government (or a doctors' professional organization on its behalf) publishes a list of things he is allowed to use to work with patient data. Windows 10 shouldn't be on the list in my opinion.
Nothing of personal value is logged when telemetry is set to Basic level.
Is there any reputable audit of this? Beyond what Microsoft claims?

This is a difficult problem. The software could be audited by an independent third party. However, each update needs to be audited as well. Furthermore, the binary of the initial state and each subsequent update binary would have to be signed by the auditor in a way allowing independent verification of the signature.