Menu
Windows 10 personal data collection is excessive, French privacy watchdog warns

Windows 10 personal data collection is excessive, French privacy watchdog warns

The French National Data Protection Commission has given Microsoft three months to comply with its order or face fines that could top $1.66 million

Windows 10 breaches French law by collecting too much personal information from users and failing to secure it adequately, according to the French National Data Protection Commission (CNIL).

Some of the privacy failings identified can be remedied by users willing to delve deep into the Windows 10 settings, but one of the commission's gripes is that better privacy should be the default setting, not one users must fight for.

CNIL served Microsoft with a formal notice on June 30, giving it three months to comply with the law, but only made it public on Wednesday.

The commission conducted seven tests of the data sent back to Microsoft by Windows 10 in April and June of this year. Among Microsoft's faux pas was the collection of data about all the apps downloaded and installed on a system, and the time spent on each one, a process CNIL said was both excessive and unnecessary.

Microsoft also failed to protect user data sufficiently, it said, by allowing users to secure their Microsoft accounts containing their purchase history and their means of payment with a PIN consisting of just four digits, and by allowing unlimited attempts to unlock the account.

If Microsoft doesn't comply with CNIL's demands by Sept. 30, then it could face a fine of up to €1.5 million (US$1.66 million) for the poor PIN security, and lesser fines for the other measures, the commission said in its formal notice to the company.

The company also tracked its customers without permission, setting and activating an advertising ID when Windows 10 was installed that allowed apps to target advertising to users. It also put advertising cookies on the computers without giving users a chance to opt out first, CNIL said.

Furthermore, despite Windows 10's system of continuous updates, the company has not taken account of a significant legal change in the European Union since the launch of the operating system.

On Oct. 6, the Court of Justice of the European Union invalidated the Safe Harbor Agreement for the transfer of personal data. That made it illegal to use its provisions to justify the export of Europeans' personal data to the U.S., yet Microsoft continued to do so, CNIL said.

The French data protection authority is not the only one in Europe that has been studying Windows 10's treatment of personal data; others are continuing their investigations.

CNIL does not always make public the cease-and-desist notices it issues -- companies have a right to privacy, too -- but decided to in this case because of the seriousness of the breaches and because they affected so many Windows users, more than 10 million of them in France.

Microsoft representatives did not immediately respond to a request for comment.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Windows 10

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments