Microsoft has made Windows licensing and activation ridiculously complex. Here's what you need to know. That sentence, which has scrolled past PC users' eyeballs for decades as they click through Windows license agreements without reading them, is what made Bill Gates rich. It is also the gateway to an insanely confusing thicket of legal verbiage, and Microsoft has made the topic even more bewildering through the years by adding layers of anti-piracy protection that are only indirectly related to the license itself. (And let's not even start on weaselly words like genuine.) I've been studying Microsoft licensing agreements for more than two decades. During that time, I've written dozens of articles on the subject and have prepared testimony as an expert witness in criminal and civil cases where Microsoft licensing was at the crux of some serious disagreements. One thing I've learned along the way is that even people who work for Microsoft sometimes get confused about when a license is legitimate and when it's not. And if they have trouble sorting out license agreements, what chance do the rest of us have? Most of the time, a Windows license is strictly a formality, something you can safely ignore. But occasionally, it matters, especially if you're building your own PC or upgrading to a different edition. If you're making IT purchases for a business that involves more than a few dozen PCs, it absolutely matters. To make this difficult topic a little easier, I've put together a list of questions and answers focused specifically on Windows PCs. Is your license valid? How can you tell? Should you care? All of those things are, potentially, evidence that you possess a valid license, which is a legal grant from the licensor (Microsoft) to the licensee (you) which gives you the right to use Microsoft Windows on a particular device, provided that you follow the terms of the license agreement. The license itself is an intangible thing, governed by a legal agreement between you and either Microsoft or one of its partners who resold the Windows license as part of a new PC. That license agreement is the thing you scroll through quickly without reading every time you install Windows. But here's the most fascinating and frustrating part of Windows licensing. If I sit down in front of your computer and (with your permission) do a thorough inspection, I cannot conclusively determine whether you have a valid Windows license. I can confirm that the system is properly activated. I can also make an educated guess about the license status, and I will probably be right. But without seeing an audit trail of receipts for the PC and/or its system software, there's no way of knowing for sure. Over time, Microsoft discovered that it was in the company's best interests to tolerate a certain amount of casual copying as part of its goal of not pissing off legitimate customers. I can't remember the last time I received a complaint about product activation issues with Windows. Today, the overwhelming majority of Windows PCs are sold by giant OEMs that pay Microsoft for every license. Only a tiny sliver of PCs is built by hobbyists or small system builders. If someone in one of those groups tries to reuse a product key inappropriately (by activating multiple PCs using the same product key in a matter of days), the activation servers will object strenuously. But if you reuse a product key months after the first use, it's likely that Microsoft's activation servers will wave you right through. If you bought a PC with Windows preinstalled, you don't need to enter a product key when you set it up for the first time. The company that built that PC entered the product key as part of the process of preparing the system for delivery to you. Big-name OEMs embed that product key into the BIOS. Smaller system builders enter the product key using deployment tools. In either case, once you start up your brand-new PC, accept the license agreement, and activate your copy, that product key is no longer necessary. You can reinstall that edition of Windows on the same hardware as many times as you want, without having to enter a product key. To read this posting in its entirety please visit OUR FORUM.

ONE THOUSAND FOUR hundred and fifty-nine days have passed since data rights nonprofit NOYB fired off its first complaints under Europe’s flagship data regulation, GDPR. The complaints allege Google, WhatsApp, Facebook, and Instagram forced people into giving up their data without obtaining proper consent, says Romain Robert, a program director at the nonprofit. The complaints landed on May 25, 2018, the day GDPR came into force and bolstered the privacy rights of 740 million Europeans. Four years later, NOYB is still waiting for final decisions to be made. And it’s not the only one. Since the General Data Protection Regulation went into effect, data regulators tasked with enforcing the law have struggled to act quickly on complaints against Big Tech firms and the murky online advertising industry, with scores of cases still outstanding. While GDPR has immeasurably improved the privacy rights of millions inside and outside of Europe, it hasn’t stamped out the worst problems: Data brokers are still stockpiling your information and selling it, and the online advertising industry remains littered with potential abuses. Now, civil society groups have grown frustrated with GDPR’s limitations, while some countries’ regulators complain the system to handle international complaints is bloated and slows down enforcement. By comparison, the information economy moves at breakneck speed. “To say that GDPR is well enforced, I think it’s a mistake. It's not enforced as quickly as we thought,” Robert says. NOYB has just settled a legal case against the delays in its consent complaints. “There’s still what we call an enforcement gap and problems with cross-border enforcement and enforcement against the big players,” adds David Martin Ruiz, a senior legal officer at the European Consumer Organization, which filed a complaint about Google’s location tracking four years ago. Lawmakers in Brussels first proposed reforming Europe’s data rules back in January 2012 and passed the final law in 2016, giving companies and organizations two years to fall in line. GDPR builds upon previous data regulations, super-charging your rights and altering how businesses must handle your personal data, information like your name or IP address. GDPR doesn’t ban the use of data in certain cases, such as police use of intrusive facial recognition; instead, seven principles sit at its heart and guide how your data can be handled, stored, and used. These principles apply equally to charities and governments, pharmaceutical companies, and Big Tech firms. Crucially, GDPR weaponized these principles and handed each European country’s data regulator the power to issue fines of up to 4 percent of a firm's global turnover and order companies to stop practices that violate GDPR's principles. (Ordering a company to stop processing people’s data is arguably more impactful than issuing fines.) It was never likely that GDPR fines and enforcement were going to flow quickly from regulators—in competition law, for instance, cases can take decades—but four years after GDPR started, the total number of major decisions against the world’s most powerful data companies remains agonizingly low. For more on GDRP visit OUR FORUM.