Share this article

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

France’s National Data Protection Commission says Windows 10 collects too much data (Updated)

3 min. read

Published onJuly 20, 2016

published onJuly 20, 2016

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Microsoft has ruffled a few feathers over the last year or so with a number of practices around Windows 10, including what some perceive asoverly aggressive upgrade activitiesandpassing too much information back to Redmond. Apparently, the French government agrees about the latter, as that country’s National Data Protection Commission (NCIL).

According to the NCIL’s recent press release(viaWindows Central), Windows 10 violates French law in a number of key areas outlined in the French Data Protection Act:

Following the launch of the new operating system, Windows 10, in July 2015, the CNIL was alerted by the media and political parties to the possibility that Microsoft Corporation was collecting excessive personal data. Meanwhile, a Contact group was created within the G29 (working party including national data protection agencies in Europe) to examine the issue and conduct investigations in the various member states concerned. It is within this context that the CNIL carried out seven on-line observations in April and June 2016 and questioned Microsoft Corporation on certain points of its privacy policy to check that Windows 10 complied with the French Data Protection Act.

This has revealed many failures :

Irrelevant or excessive data collected:

The CNIL found that the company was collecting diagnostic and usage data via its telemetry service, which uses such data, among other things, to identify problems and to improve products. To this purpose, Microsoft Corporation processes, for instance, Windows app and Windows Store usage data, providing information, among other things, on all the apps downloaded and installed on the system by a user and the time spent on each one. Therefore, the company is collecting excessive data, as these data are not necessary for the operation of the service.

A lack of security:

The company allows users to choose a four characters PIN to authenticate themselves for all its on-line services, notably to access to their Microsoft account, which lists purchases made in the store and the payment instruments used, but the number of attempts to enter the PIN is not limited, which means that user data is not secure or confidential.

Lack of individual consent:

An advertising ID is activated by default when Windows 10 is installed, enabling Windows apps and other parties’ apps to monitor user browsing and to offer targeted advertising without obtaining users’ consent.

Lack of information and no option to block cookies:

The company puts advertising cookies on users’ terminals without properly informing them of this in advance or enabling them to oppose this.

Data still being transferred outside EU on a “safe harbour” basis:

The company is transferring its account holders’ personal data to the United States on a “safe harbour” basis but this has not been possible since the decision issued by the Court of Justice of the European Union on 6th October 2015.

The CNIL has therefore issued a formal notice to Microsoft to comply with French law, along with a three-month deadline. According to the CNIL, the issues affect “more than ten million Windows users on French territory,” which is an interesting statistic all by itself. The formal notice brings no further action by itself, but failure to comply within the designated timeframe could bring a formal investigation and potential sanctions.

So far, we haven’t seen any reaction from Microsoft, but we’ll be looking into this to see if the company has any plans to respond. In the meantime, let us know in the comments what you think about Microsoft’s Windows 10 data collection and if the French government has legitimate reason to be concerned.

Update:Microsoft has responded to the CNIL notice.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Radu Tyrsina

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

France’s National Data Protection Commission says Windows 10 collects too much data (Updated)#