Windows 11: Data protection experts recommend switching because of this AI feature
Windows 11 and data protection: Why experts say the Recall function poses risks to cyber security and digital sovereignty, and what companies should check now.
What is the "Recall function"?
The so-called Recall function of Windows 11 is an AI-supported tool that regularly takes screenshots of the screen content and compiles them into a locally searchable "memory". This makes it possible to find activities even days later via an AI search query. However, this approach also generates a comprehensive log of all visible content on the device, including potentially confidential company information.
Recall is initially deactivated in the basic settings and must be activated by users or administrators. Nevertheless, it is part of Windows systems and could be activated automatically during updates.
Why security and data protection experts warn
Critics warn of several key risks:
- Potential to collect sensitive data: Recall takes screenshots every few seconds that include everything from open documents to login credentials, unless recognized content is explicitly excluded.
- Unclear protection mechanisms: Microsoft states that the data is stored locally and is not transferred to Microsoft or third parties. However, critics do not consider these statements to be sufficient because there is a lack of transparency regarding storage, encryption and decryption as well as any future changes.
- Potential compromise in the event of unauthorized access: If an unauthorized person has access to a device that contains Recall data, they could access a treasure trove of previous screen activity.
These points of criticism have already led developers and organizations to independently announce or provide protective measures, such as browsers that actively block Recall screenshot capture.
Data protection vs. productivity - the debate for decision-makers
For decision-makers in highly regulated industries (e.g. financial services, healthcare or critical infrastructure), compliance and security issues are at the forefront alongside convenience aspects of the function:
- Control over data flows: Automatically created screen recordings can contain sensitive personal and company information that is critical for compliance requirements (e.g. GDPR).
- Attack surface for threats: Local storage of large amounts of information provides an attractive target for potential attackers, especially if there is physical access or endpoint security solutions are inadequate.
- Unclear governance: There is a lack of clear guidelines and technical mechanisms that provide fine-grained control over what is actually stored and which data remains excluded.
Recommendations for corporate use
Cybersecurity and data protection experts currently recommend:
- Clear policies for endpoints: IT teams should define which functions may and may not be activated in productive environments. For sensitive or regulated applications, it may be advisable to deactivate Recall on all company endpoints.
- Technical configuration: Functions that are deactivated by default or can only be activated manually should be consciously controlled, including regular checks for updates.
- Awareness of data protection settings: Employees need to be made aware of potential risks, especially if they are handed devices with features such as Recall.
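The two technical recommendations above (deactivating Recall on company endpoints and re-checking the setting after updates) can be implemented as a single audit-and-enforce script. The following PowerShell is an added example and is not code from the article or from SecureCloud. It assumes the policy value Microsoft documents for the "Turn off saving snapshots for Windows" policy (DWORD DisableAIDataAnalysis = 1 under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsAI) and the optional-feature name "Recall" on builds where Recall ships as an optional Windows feature; verify both against the Microsoft documentation for the builds in your fleet before rolling it out.

```powershell
# Added example (not from the article or from SecureCloud): audit, and optionally
# enforce, the Group Policy setting that turns off Recall snapshots on a Windows 11
# endpoint. Assumptions: DisableAIDataAnalysis = 1 under the WindowsAI policy key is
# the documented "Turn off saving snapshots for Windows" policy; the optional-feature
# name "Recall" applies to builds where Recall ships as an optional feature.
[CmdletBinding()]
param(
    # Without -Enforce the script only reports. -Enforce needs an elevated session.
    [switch]$Enforce
)

$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'
$PolicyValue = 'DisableAIDataAnalysis'

function Get-RecallPolicyState {
    # Returns an object describing whether Recall snapshots are disabled by policy.
    $value = $null
    if (Test-Path $PolicyKey) {
        $value = (Get-ItemProperty -Path $PolicyKey -Name $PolicyValue `
                    -ErrorAction SilentlyContinue).$PolicyValue
    }
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        PolicyValuePresent = ($null -ne $value)
        PolicyValue        = $value
        DisabledByPolicy   = ($value -eq 1)
    }
}

function Get-RecallFeatureState {
    # Reports the state of the Recall optional feature where this build exposes one.
    # Get-WindowsOptionalFeature requires elevation; report 'Unknown' if the query fails.
    try {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName 'Recall' -ErrorAction Stop
        return $feature.State.ToString()
    } catch {
        return 'Unknown'
    }
}

function Set-RecallDisabledByPolicy {
    # Creates the policy key if needed and sets DisableAIDataAnalysis to 1 (DWORD).
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyKey -Name $PolicyValue -Value 1 `
        -PropertyType DWord -Force | Out-Null
}

# --- main ---------------------------------------------------------------------
$state = Get-RecallPolicyState
$state | Add-Member -NotePropertyName FeatureState -NotePropertyValue (Get-RecallFeatureState)

if ($Enforce -and -not $state.DisabledByPolicy) {
    Set-RecallDisabledByPolicy
    # Re-read so the report reflects the enforced state.
    $state = Get-RecallPolicyState
    $state | Add-Member -NotePropertyName FeatureState -NotePropertyValue (Get-RecallFeatureState)
}

# One record per machine; pipe to Export-Csv when collecting across a fleet.
$state

# A non-zero exit code lets a configuration-management or monitoring job flag drift,
# for example when a feature update re-enabled Recall (the "regular checks" above).
if (-not $state.DisabledByPolicy) { exit 1 }
```

Run it in audit mode from an endpoint-management tool on a schedule and alert on the non-zero exit code; run it with -Enforce only where policy already mandates that Recall stays off, so the script confirms the Group Policy baseline rather than replacing it.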
Conclusion for decision-makers
The AI-based Recall feature of Windows 11 has opened up a new debate about where the line is drawn between operational productivity enhancement and systematic data collection. While Microsoft emphasizes that all data remains local and is not transferred externally, many data protection experts and security analysts consider the risks to be more serious than Microsoft has communicated.
Particularly in highly regulated industries, decision-makers must carefully examine whether and how such functions are acceptable in productive use - or whether the potential damage caused by the compromise of sensitive data outweighs the benefits.
Are you interested in the fully sovereign cloud?
Click here for a free trial period
Sebastian Deck
Sebastian Deck is Chief Marketing Officer (CMO) at SecureCloud and is responsible for brand strategy, communications and marketing. He has many years of experience in building and leading international marketing teams in consulting, fintech and technology companies. At SecureCloud, he drives brand positioning, thought leadership and lead generation. He also manages go-to-market initiatives and campaigns to position SecureCloud as a leading provider of cyber security and secure cloud services.