Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

France Says That Windows 10 Violates Personal Privacy Laws

France’s CNIL, which is tasked with protecting personal data and preserving individual liberties, this week accused Microsoft of violating the French Data Protection Act by using Windows 10 to “collect excessive user data without their consent.” Quelle horreur!

“The CNIL found that [Microsoft is] collecting diagnostic and usage data via its telemetry service, which uses such data, among other things, to identify problems and to improve products,” the CNIL explains. “To this purpose, Microsoft Corporation processes, for instance, Windows app and Windows Store usage data, providing information, among other things, on all the apps downloaded and installed on the system by a user and the time spent on each one. Therefore, the company is collecting excessive data, as these data are not necessary for the operation of the service.”

The CNIL further asserts that Windows 10 violates the French Data Protection Act by:

… not seeking individual consent. Windows 10 and various installed apps monitor user browsing and offer targeted advertising without obtaining users’ consent.

… being insecure. By letting users choose a four-digit PIN to authenticate themselves, Microsoft is opening up users to theft of their payment instruments. “The number of attempts to enter the PIN is not limited, which means that user data is not secure or confidential,” the CNIL says.

… offering no option to block tracking cookies. The CNIL charges that Microsoft “puts advertising cookies on users’ PCs without properly informing them of this in advance or enabling them to oppose this.”

… inappropriately using out-of-date EU “safe harbor” rules to transfer personal data to the U.S. Microsoft is transferring users’ personal data to the United States, but this is illegal given a decision issued by the Court of Justice of the European Union in October 2015, the CNIL says.

The CNIL has given Microsoft three months to reply to these accusations and to change Windows 10 and its policies to conform with French law. Should Microsoft not comply within the stated time, it will be officially sanctioned and could be fined up to 4 percent of its annual global revenues.

The CNIL has also alerted the software giant that other European Union member states are conducting similar investigations into Windows 10’s alleged privacy issues and could issue their own findings against the firm.

“The purpose of the notice is not to prohibit any advertising on the company’s services but, rather, to enable users to make their choice freely, having been properly informed of their rights,” the CNIL says. “It has been decided to make the formal notice public due to, among other reasons, the seriousness of the breaches and the number of individuals concerned (more than ten million Windows users on French territory).”

For its part, Microsoft says it will work to comply with French law.

“We will work closely with the CNIL over the next few months to understand the agency’s concerns fully and to work toward solutions that it will find acceptable,” Microsoft vice president and deputy general counsel David Heiner said.

by Paul Thurrott
Jul 20, 2016

Paul Thurrott is an award-winning technology journalist and blogger with over 20 years of industry experience and the author of over 25 books. He is the News Director for the Petri IT Knowledgebase, the major domo at Thurrott.com, and the co-host of ...

What is a Roaming User Profile on Windows?

Sep 1, 2023
Oct 24, 2023
Microsoft to Release Windows 11 LTSC in the Second Half of 2024

Apr 28, 2023
How to Configure Windows LAPS in an Azure Active Directory Scenario

May 3, 2023
Jul 17, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.