France’s National Data Protection Commission has issued a stern notice to Microsoft over excessive user tracking on Windows 10. The governing body has asked the IT giant to stop collecting excessive data and tracking browsing by users without their consent. The Commission has given Microsoft 3 months to comply with the French Data Protection Act or face further investigation.
The commission mentioned that media and political parties have brought the tracking issue to its attention since the launch of Windows 10 in July 2015. Subsequently, a Contact group was created within the G29 to examine the issue and conduct investigations in the various member states concerned.
Microsoft found guilty on multiple parameters
CNIL found Microsoft violating its policies under several parameters. This includes,
- Collection of unnecessary and excessive data: CNIL found Microsoft guilty of collecting diagnostic and usage data via its telemetry service, which uses such data, among other things, to identify problems and to improve products.
- Lack of security: The commission found Microsoft four characters PIN authentication system less secure as the number of attempts to enter the PIN is not limited in case of wrong entry.
- Ads with consent: An advertising ID is activated by default with Windows 10 installation, that shows targeted ads without user consent.
- No option to block cookies: CNIL observed that Microsoft puts advertising cookies on users’ terminals without properly informing them of this in advance or enabling them to oppose this.
- Data transferred outside EU: CNIL also criticized Microsoft of transferring its account holders’ personal data to the United States under the obsolete “safe harbour” basis which is no longer valid.
Speaking on the issue, David Heiner, Microsoft vice-president and deputy general counsel, said,
“We will work closely with the CNIL over the next few months to understand the agency’s concerns fully and to work toward solutions that it will find acceptable.”
Since Windows 10 launched, there has been several reports of data tracking activities by the OS. This notice could just be a timely reminder to the company.
Read: How to disable Windows 10 Telemetry.