Windows 11’s out-of-box experience has become the new frontier for privacy debates. As of mid-2025, the setup screens that greet every new PC buyer have evolved from a simple series of “accept” buttons into a detailed, multi‑page privacy checkpoint. Users now face toggles for location, Find My Device, diagnostic data, tailored experiences, and advertising ID — all before the desktop appears. For many, what Microsoft calls a “transparent consent screen” feels more like a confusing tradeoff where unclear terminology masks far‑reaching data collection.

Industry analysts have long scrutinised Microsoft’s approach to telemetry. The current OOBE, found in Windows 11 builds 22621 and later, presents these choices during the initial account setup — whether users opt for a local account or a Microsoft Account. The screen’s layout, with switches that default to “on” for most settings, has drawn criticism. Privacy advocates argue that the average user, eager to start using their new device, is likely to breeze through without reading, essentially consenting to broad data sharing by default.

The Five Toggles Decoded: What You’re Really Agreeing To

Let’s break down each toggle as it appears in a typical Windows 11 Home OOBE. The exact wording may vary slightly by region or update channel, but the underlying data flows are consistent.

Location

Turning on location allows Windows and apps to request your device’s physical position. This seems straightforward, but the toggle’s reach is broad: many Store apps, system services like Find My Device, and even the Weather widget rely on it. If you flick this on, Windows can share your location with Microsoft and third‑party apps unless you later deny each app individually in Settings.

Find My Device

This feature, which periodically records your device’s location and stores it in your Microsoft Account, is pitched as a security measure for lost or stolen laptops. However, it only works if location services and a Microsoft Account are active. Critics note that once enabled, Microsoft is effectively tracking your device’s movements, albeit in a supposedly encrypted form.

Diagnostic Data

This is the most contentious toggle. Windows 11 requires a baseline of diagnostic data (formerly “Basic”) to function. During OOBE, you get a binary choice: send only the required diagnostic data, or send optional diagnostic data. The “required” option still transmits information about device health, installed apps, and error reports, but with minimal detail. “Optional” data, on the other hand, opens the floodgates: detailed reports on websites you visit, how you use apps and features, and even some inking and typing data. Microsoft’s own documentation confirms that optional data can lead to more personalised tips and product improvements, but privacy experts warn it’s a treasure trove for profiling. The toggle’s phrasing — “Tailored experiences” is often lumped together with diagnostic data — can blur the line between necessary maintenance and optional surveillance.

Tailored Experiences

This separate switch controls whether Microsoft uses diagnostic data (even if you’ve opted for required data) to show personalised ads, tips, and recommendations. The catch: tailored experiences use a subset of diagnostic data that might include information about system usage patterns, even if you thought you were only sending required info. Microsoft explicitly states that if you turn off tailored experiences, it will still collect diagnostic data but won’t personalise ads based on it. However, the OOBE screen’s layout does little to explain this nuance.

Advertising ID

Finally, the advertising ID toggle governs a unique device identifier that apps can use to show targeted advertisements. Switching it off doesn’t mean you’ll see no ads — just that they won’t be based on your activity across apps. Yet many users overlook this toggle entirely, as it is often grouped on a secondary screen or presented with Microsoft’s broader privacy dashboard.

The OOBE privacy screen’s design has long been a lightning rod. A 2024 study by the Norwegian Consumer Council highlighted that Microsoft’s default‑on approach, combined with vague language, may violate the spirit of Europe’s General Data Protection Regulation (GDPR). Under GDPR, consent must be “freely given, specific, informed and unambiguous.” Critics argue that turning on most toggles by default fails the “informed” and “unambiguous” tests because users are not adequately aware of what they’re agreeing to.

Microsoft counters that the choices are clearly explained, and the company points to the post‑OOBE privacy dashboard where users can review and change every setting. Yet the very placement of this dashboard — buried in the Settings app under “Privacy & security” — means only the most motivated users will find it. The gap between “setup time consent” and later‑aware revocation is wide, and many people never revisit those initial choices.

Community feedback on forums like WindowsNews.ai reveals deep frustration. One user wrote, “I built a PC for my dad and walked him through the setup. He just clicked Next, Next, Next. He had no idea he’d agreed to send Microsoft his browsing habits.” Another shared, “The diagnostics page makes it sound like you’re hurting the product if you only send required data. That’s emotional pressure.” These anecdotes mirror broader sentiment: the OOBE is designed to guide users toward the least private option, not to foster genuine consent.

Microsoft’s Data Collection Machine: What Happens After You Press “Next”

Understanding why these toggles matter requires a peek under the hood. Even with all privacy settings minimised, Windows 11 Home and Pro editions still phone home with telemetry. Microsoft has publicly detailed its diagnostic data categories: “Required” data includes security and reliability information, while “Optional” adds a much richer dataset. The company uses this data to prioritise bug fixes, detect security threats, and refine AI features like Copilot. Yet third‑party audits have found that some data classified as “required” still contains enough information to potentially identify a user, especially when correlated with other signals like IP address or account sign‑ins.

Meanwhile, the advertising ID has become less critical since Microsoft scaled back its first‑party ad business. However, third‑party apps in the Microsoft Store still rely on it for targeted ads, and some built‑in experiences (like the MSN feed in Widgets) may use the ID if you’ve consented. The interplay between toggles can trip up even tech‑savvy users: turning off advertising ID but leaving tailored experiences on might still result in personalised content, albeit not tied to a cross‑app identifier.

A Historical Look: How We Got Here

Windows 11’s OOBE privacy screen didn’t appear out of nowhere. Windows 10’s launch in 2015 was marred by controversy over default telemetry and the inability to turn it off entirely in consumer editions. After EU pressure and the GDPR rollout, Microsoft introduced the “Full” vs “Basic” diagnostic levels and later renamed them to “Optional” and “Required.” Windows 11 launched with these already in place, but the OOBE design became more granular with the 22H2 update, which added dedicated toggles for Find My Device and location early in the setup, rather than burying them in a secondary screen.

The latest 24H2 release (build 26100) has further tweaked the layout, moving the advertising ID toggle to the same page as tailored experiences. However, the fundamental tension remains: by presenting all choices together, Microsoft may actually be overwhelming users, leading to “privacy fatigue” and a higher acceptance rate of defaults.

What Regulators and Experts Say

European data protection authorities have been circling. In early 2025, the German DSK (Conference of Independent Data Protection Supervisors) issued guidelines for operating system setups, specifically calling out pre‑ticked boxes and unclear language as problematic. While Microsoft has not been singled out, the recommendations align closely with critiques of Windows 11 OOBE. In the U.S., the Federal Trade Commission has shown renewed interest in “dark patterns” that nudge users toward data sharing. A former FTC technologist told WindowsNews.ai, “If the path of least resistance leads to maximum data collection, that’s not informed consent — it’s a designed default.”

Technical audits by independent researchers add weight. One analysis of network traffic during OOBE found that even before any privacy choices were made, Windows 11 sent data packets to servers like settings‑win.data.microsoft.com and watson.telemetry.microsoft.com. Microsoft explains that some background telemetry is necessary to complete setup, but privacy advocates say this undermines the very concept of asking for permission.

The Bigger Picture: Beyond the Toggles

The privacy screen debate is really about control. Windows 11, as a service, is increasingly interwoven with Microsoft’s cloud — from Copilot integration to automatic updates and even file backup prompts for OneDrive. Each OOBE toggle is only one thread in a larger fabric of data collection. The advertising ID, for instance, may seem trivial, but it ties into Microsoft’s advertising platform that also powers apps like LinkedIn and Bing. Tailored experiences, if left on, can influence the tips you see in Settings and the articles recommended in your Widgets board — creating a feedback loop that shapes your interaction with the OS.

Moreover, the OOBE screen is not the last time you’ll be asked about privacy. When you first open Edge, another setup wizard asks for data collection permissions. When you install Office, similar prompts appear. The cumulative effect can erode trust, making users cynical about all consent screens.

Until Microsoft redesigns the OOBE to be more truly opt‑in, users can take a few concrete steps. During setup, take the time to read each description — however tedious. Turn off advertising ID and tailored experiences unless you specifically want personalised recommendations. Choose “Required diagnostic data” if you prefer minimising data sharing; the system will still receive security updates and error fixes. Even after OOBE, head to Settings > Privacy & security > General and review every option (including the obscure “Let apps show me personalised ads by using my advertising ID” under General). Regularly check the Diagnostic & feedback menu to confirm your data level hasn’t changed after a feature update, as some upgrades have been reported to reset these choices.

For enterprise administrators, Windows 11 offers group policies and MDM controls to lock down these settings organisation‑wide. But for the average home user, the burden of privacy protection remains squarely on their shoulders — and their attention span during the exciting unboxing moment.

Microsoft has shown incremental improvements. The 2024 Windows Privacy Experience Paper outlined plans to make privacy settings more accessible and to simplify language. However, the fundamental business model of using telemetry to improve AI features (like Microsoft 365 Copilot) creates a conflict of interest. As long as Microsoft benefits from harvesting usage data, OOBE toggles will likely remain skewed toward data sharing.

Pressure is mounting. The EU’s Digital Markets Act and the upcoming AI Act impose new obligations on gatekeepers, and operating systems are squarely in the crosshairs. If regulators force Microsoft to present privacy choices with all toggles off by default, the entire OOBE paradigm could shift. Some analysts predict that Windows 12, whenever it arrives, might debut a “privacy‑first” setup — but that remains speculative.

In the meantime, Windows 11 users must navigate a consent screen that often feels more like a legal shield for Microsoft than a meaningful empowerment of individual choice. The toggles are there, but whether they constitute informed consent or a confusing data tradeoff depends less on the text and more on the user’s ability to parse what’s at stake. One thing is clear: as long as the default position maximises data collection, the consent will remain in the eye of the beholder.