Today The Register pointed out a Microsoft's document about "Configure telemetry and other settings in your organization". It has a scary passage. When in "Full telemetry level" - the default level in the Home and Pro versions, it allows Microsoft:
Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.
Ability to get registry keys.
Ability to gather user content, such as documents, if they might have been the trigger for the issue.
Especially the last is really scary. Microsoft engineers can have access to your documents without your explicit consent. Microsoft also writes
However, before more info is gathered, Microsoft’s privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information
But it is still a matter that Microsoft oversees its own actions. Of course you can lower the telemetry level, but Home and Pro version can't use the "Security" level, the less intrusive one, available only in the Enterprise and Education version - but remember, the default level gives Microsoft access to your contents. If your not aware of the implications, and never set a less intrusive level, sensitive documents - financial or medical records, intellectual properties, etc. - can be accessed remotely by Microsoft engineer with just an approval from "Microsoft's privacy governance team", not you. Also, Microsoft could "accidentally" reset the telemetry level with any update - it already happened - updates which again are forced onto customers if settings are not properly changed.
Nadella is really the worst Microsoft CEO ever. Such level of intrusion can't be approved but at the highest level. The utter contempt for customers is appaling. Hope his tenure will end soon.