Privacy in the Windows 10 operating system sounds like an anecdote. However, the National Data Protection Commission of France (CNIL) does not seem to find it at all funny.
Thus, in an official announcement on July 20, 2016, it asks Microsoft to comply with the French Data Protection Act within three months.
Why Microsoft's Windows 10 operating system is used for “high volume collection data and for monitoring browsing users without their consent.”
In addition, the Commission is asking Microsoft to “ensure that better safety and the confidentiality of the user's data".
A working group analyzed Microsoft's Windows 10 operating system and privacy policy from April to June of 2016 to make sure that Windows 10 complies with French Privacy Policy.
The Working Group found in its inquiry the following issues:
Collect unrelated or excessive data: CNIL says in its report that Microsoft is collecting data that is not needed "to run the service". Microsoft collects Windows Store usage data, for example, and according to CNIL, this is not necessary for the operating system to function.
Lack of security: The users του Windows 10 μπορούν να συνδεθούν με ένα PIN (έναν τετραψήφιο κωδικό) που χρησιμοποιείται για τον έλεγχο ταυτότητας. Αυτό το PIN παρέχει πρόσβαση στο λειτουργικό σύστημα, αλλά και σε δεδομένα του λογαριασμού του Windows Store. Το λειτουργικό σύστημα δεν περιορίζει τον αριθμό των προσπαθειών εισαγωγής του PIN.
Lack of individual consent: Windows 10 uses a default ad ID that can be used by applications, and third parties. Thus Microsoft "monitors users 'browsing to deliver targeted advertising without users' consent".
Lack of information and no choice for cookie blocks: Microsoft uses advertising cookies as "terminals" for users, without "properly updating them in advance and not allowing them to do anything else".
Data is still being transferred outside the EU to a 'safe harbor': Personal data is being transferred to a 'safe harbor' in the United States, but it should not have been as' the ruling is being delivered by the European Court of Justice on 6 October 2015. ”
CNIL gives Microsoft a three-month period to fix these issues. Non-compliance can lead to sanctions against Microsoft.
