HoloLens 2 Privacy and Data Protection
One of the core elements of the GDPR is ‘data protection by design’. This concept especially applies to mobile devices, like the HoloLens 2, because of their portability, unlimited internet connections and open communication channels. As a result, the HoloLens 2’s security has been redesigned to provide advanced, innovative, end-to-end security and privacy protection, incorporating both Microsoft’s approach to privacy and GDPR regulations.
Note
This document does not apply to HoloLens (1st gen).
Privacy Overview
HoloLens 2 is a self-contained Windows computer, running Windows Holographic, that runs apps and solutions in an immersive mixed reality environment. It can be used as a secure offline device or deployed as a managed device within your organization. See the following links to understand how the HoloLens 2 and Microsoft use and protect your data:
- Microsoft Privacy Statement - HoloLens – expand the Enterprise and developer section in the left navigation menu and select Enterprise and developer software and appliances. Go to the HoloLens section.
- Windows 10 and your online services
- Windows 10 & Privacy Compliance Guide
- Privacy and personal data in Intune
Network Security
Following the HoloLens 2 Common Deployment Scenarios, your data will be protected by Azure’s world-class compliance along with legal/regulatory standards integration. If you are new to Microsoft Entra ID and Dynamics 365 Remote Assist, reference the Azure and Dynamics 365 accountability readiness checklist for the GDPR.
Furthermore, Windows Defender Firewall delivers critical functionality to secure device connectivity. With HoloLens 2, the firewall is always enabled and there is no way to disable it, either programmatically or through the UI. When the HoloLens 2 is deployed as a managed device using Intune, more compliance functionality is available with integration for Endpoint with Microsoft Intune as a Mobile Threat Defense solution.
Learn more about the HoloLens 2 security and architecture.
OS Security
Updates are installed automatically (by default) so your HoloLens 2 is always up to date with the latest release of Windows Holographic and any installed apps. See the following to understand more about how our OS is securely designed:
Physical Security
HoloLens 2 has flash memory that is protected by BitLocker encryption. Your device, and its local data, can be flashed offline using Advanced Recovery Companion or remotely wiped via MDM if it has been deployed as a managed device.
Data Protection
Windows updates run automatically (by default), and Azure integration protects data traveling between the device and the cloud.
When deploying HoloLens 2 to external clients, Dynamics 365 Remote Assist ensures your sensitive company data and resources are both separate and safe.
The sharing of diagnostic data with Microsoft can be manually configured by MDM or by the user during OOBE. There are two choices: Optional diagnostic data and Required diagnostic data. If your original diagnostic setting needs to be changed at a later time for troubleshooting purposes, it can be changed by the user in Settings -> Privacy -> Diagnostics & Feedback or by the IT admin (through MDM) if it is a managed device. See more about Diagnostics, feedback, and privacy in Windows 10.
Important
Device diagnostic logs contain personally identifiable information (PII), such as which processes or applications the user starts during typical operations. When multiple users share a HoloLens device (for example, users sign in to the same device by using different Microsoft Entra accounts), the diagnostic logs may contain PII that applies to multiple users.
There are several collection methods and data retention policies for gathering diagnostic data from the HoloLens 2. For more information about how Microsoft collects and uses diagnostic data, see Microsoft Privacy Statement - Diagnostics - expand Windows in the left navigation menu and select Diagnostics. Go to the Diagnostics section.