A Microsoft executive said the company would “work closely” with the CNIL.
Advertisement
Today, Commission Nationale de l’Informatique et des Libertés (CNIL), issued a final warning to Microsoft to stop excessive user data collection.
The findings could herald decisions expected in the coming months in Canada and other European countries over an operating system that has raised a rash of privacy concerns about how it tracks users.
By default, Windows 10 collects various data on how it is used – this includes what apps are installed and how much time is spent within them, for example. That made it illegal to use its provisions to justify the export of Europeans’ personal data to the USA, yet Microsoft continued to do so, CNIL said.
Lack of information and no option to block cookies: Microsoft places advertising cookies on users’ “terminals” without “properly informing them of this in advance or enabling them to oppose this”.
If the IT giant fails to do so, CNIL can appoint an internal investigator who can propose unspecified sanctions against Microsoft for breaching the French data protection act. The issues found, which are numerous, were a result of a contact group investigation into Microsoft and its Windows 10 OS created by a number of European Union data protection authorities. In the meantime, let us know in the comments what you think about Microsoft’s Windows 10 data collection and if the French government has legitimate reason to be concerned. But the issues the CNIL brought up also touch at the heart of an ongoing negotiation between the United States and European Union over the transfer of data across the ocean.
CNIL does not always make public the cease-and-desist notices it issues – companies have a right to privacy, too – but chose to in this case because of the seriousness of the breaches and because they affected so many Windows users, more than 10 million of them in France.
So far, we haven’t seen any reaction from Microsoft, but we’ll be looking into this to see if the company has any plans to respond. “We fully understand the importance of establishing a sound legal framework for transatlantic data transfers, and that is why Microsoft has been very supportive of the efforts on both sides of the Atlantic that led to last week’s adoption of the Privacy Shield”.
Microsoft said that it is willing to cooperate with CNIL and will address the accusations.
Windows 10 has been quite a controversial operating system for Microsoft, and unlike the situation with Windows 8, it hasn’t been because of an interface design choice.
The EU Data Protection laws usually require consent to be explicit, rather than implicit.
Advertisement
A new EU-U.S. data transfer pact will be open to companies as of August 1 and Microsoft has said it will sign up to it.
