If Microsoft was crushingly strict about privacy and data protection then:
1) The default would be no telemetry done.
2) The user could choose to opt-in to telemetry if they wanted.
3) If the user wanted to opt-in telemetry they could choose to give blanket permission to send anything or could instead give permission to send only with approval for each payload after being able to inspect the data.
4) Offer an interface for a user to delete all data Microsoft has collected about that user anytime they want, in perpetuity.
As far as I am aware, they don't do any of those four. You have a pretty weak definition of "crushingly strict" where Microsoft collects information about all users with no opt-out, let alone do the real privacy-conscious thing of offering only opt-in. Maybe they do protect users' information with crushingly strict rules, but when they have such disregard for the four points above, which are really important if they want to convince their users they actually care about their users' privacy, then it's really hard to have faith that do care deep down inside once they have all that data.