We have heard a lot about privacy concerns surrounding Windows 10 and accusations on Microsoft of collecting too much data about users without their consent.
Now, the French data protection authority has ordered Microsoft to stop it.
France’s National Data Protection Commission (CNIL) issued a formal notice on Wednesday, asking Microsoft to “stop collecting excessive data” as well as “tracking browsing by users without their consent.”
The CNIL, Commission Nationale de l’Informatique et des Libertés, ordered Microsoft to comply with the French Data Protection Act within 3 months, and if fails, the commission will issue a sanction against the company.
Moreover, the CNIL notified Microsoft that the company must also take “satisfactory measures to ensure the security and confidentiality” of its users’ personal data.
The notice comes after a series of investigations between April and June 2016 by French authorities, revealing that Microsoft was still transferring data to the United States under the “Safe Harbor” agreement that a European Court court invalidated in October last year.
Allegations on Windows 10
The CNIL’s list of complaints about Windows 10 does not end there, as it goes on to read:
- Microsoft is collecting data on “Windows app and Windows Store usage data,” along with monitoring apps its user’s download and time spent on each app, which according to the CNIL, is irrelevant and “excessive” data collection.
- Microsoft is also criticized for its lack of security, since there is no limit set on the number of guesses for entering the four-digit PIN used to protect your Microsoft account.
- After Windows 10 installation, Microsoft also activates a user’s advertising ID by default, which enables Windows apps as well as other third-party apps to monitor user browsing history and to offer targeted ads “without obtaining users’ consent.”
- Windows 10 does not give you any option to block cookies.
- And as I mentioned above, Microsoft is transferring its users’ personal data to the United States under the “Safe Harbor” agreement.
In a statement, the CNIL said: “It has been decided to make the formal notice public due to, among other reasons, the seriousness of the breaches and the number of individuals concerned (more than ten million Windows users on French territory).”
Microsoft Response on the CNIL Notice
Microsoft has responded to the notice, saying the company is happy to work with the CNIL to “understand the agency’s concerns fully and to work toward solutions that it will find acceptable.”
What’s more interesting is that Microsoft does not deny the allegations set against it and does nothing to defend Windows 10 excessive data collection, as well as fails to address the privacy concerns the CNIL raises.
However, the tech giant does address concerns about the transfer of its users’ personal data to the U.S. under the “Safe Harbor” agreement, saying that “the Safe Harbor framework is no longer valid for transferring data from European Union to the United States.”
The company says it still complies with the Safe Harbor agreement up until the adoption of Privacy Shield.
“Microsoft has in fact continued to live up to all of its commitments under the Safe Harbor Framework, even as the European and US representatives worked toward the new Privacy Shield,” says Microsoft. “We’re working now toward meeting the requirements of the Privacy Shield.”
Windows 10 Privacy concerns seem to be a never ending topic. Over the last year, Microsoft has annoyed users with a number of weird practices around Windows 10, including aggressive upgrades and transferring too much information about users back to Redmond.
Since there is the promise of a statement about privacy next week, let’s see what happens next. You can read Microsoft’s full statement, courtesy of David Heiner, vice president and deputy general counsel, on VentureBeat.