View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
July 22, 2016updated 31 Aug 2016 11:12am

France orders Microsoft to stop collecting Windows 10 user data

News: Microsoft has three months to address issues.

By CBR Staff Writer

The French data authority, Commission Nationale de l’Informatique et des Libertés (CNIL), has issued a formal notice to Microsoft to stop collecting excessive data and tracking of users without their approval.

CNIL took this action after being alerted by media and political parties. Meanwhile, a Contact group was created within the G29 (working party including national data protection agencies in Europe) to examine the issue and conduct investigations in several states concerned.

The CNIL, in this regard has conducted over seven online observations in April and June this year and questioned Microsoft over its privacy policy to check whether Windows 10 was following the French Data Protection Act.

CNIL revealed several areas of concerns including irrelevant or excessive data collection, lack of security, lack of individual consent, lack of information and missing options to block cookies and data being transferred outside EU on ‘safe harbour’ basis.

The authority found that Microsoft was collecting user data such as the number of apps that are being downloaded and installed and the time that is spent on each app, which the agency says is unnecessary information.

CNIL also pointed about the lack of user consent from Microsoft and other third party apps to monitor user browsing and offer targeted advertising. This is accomplished through an advertising ID which is activated by default in Windows 10.

Advertising cookies have been placed on users’ terminals without properly informing them in advance or giving the users an option to disable them.

Content from our partners
Sherif Tawfik: The Middle East and Africa are ready to lead on the climate
What to look for in a modern ERP system
How tech leaders can keep energy costs down and meet efficiency goals

Also, CNIL pointed out that personal data from account holders is being transferred to US on a ‘safe harbor’ basis but this was not possible since the decision issued by the Court of Justice of the European Union in October 2015.

With these issues at hand, CNIL has decided to give a formal notice to Microsoft to comply with the Act within three months.

CNIL has also noted that it was not about preventing advertisements, but to enable users to choose freely by being properly informed of their rights.

Respoding to the notice, Microsoft vice president and deputy general counsel David Heiner said: "We built strong privacy protections into Windows 10, and we welcome feedback as we continually work to enhance those protections.

"We will work closely with the CNIL over the next few months to understand the agency's concerns fully and to work toward solutions that it will find acceptable.

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.