Privacy in the Windows 10 operating system sounds like an anecdote. However, the National Data Protection Commission of France (CNIL) does not seem to find it at all funny.
Thus, in an official announcement on July 20, 2016, it asks Microsoft to comply with the French Data Protection Act within three months.
Why Microsoft's Windows 10 operating system is used to "collect large volumes of data and monitor users' browsing without their consent."
In addition, the Commission is asking Microsoft to "ensure the security and confidentiality of user data".
A task force analyzed Microsoft's Windows 10 operating system and policy protectionof privacy, from April to June 2016 to make sure Windows 10 complies with French Privacy Law.
The Working Group found in its inquiry the following issues:
Collect unrelated or excessive data: The CNIL states in its report that Microsoft collects data that is not required “for mode of the service". Microsoft collects Windows Store usage data, for example, and according to the CNIL, this is not necessary for the operation of the operating system.
Lack of security: Windows 10 users can connect to a PIN (a four-digit password) that is used for authentication. This PIN provides access to the operating system as well as data in the Windows Store account. The operating system does not limit the number of attempts to enter the PIN.
Lack of individual consent: Windows 10 uses a default ad ID that can be used by applications, and third parties. Thus Microsoft "monitors users 'browsing to deliver targeted advertising without users' consent".
Lack of information and no choice for cookie blocks: Microsoft uses advertising cookies as "terminals" for users, without "properly updating them in advance and not allowing them to do anything else".
Data is still transferred outside the EU to a “safe harbor”: Ta privacy are transferred to a "safe harbor" of the United States, but it should not be so since "the decision is issued by the Court of Justice of the European Union on October 6, 2015."
CNIL gives Microsoft a period of three months to fix these themethe. Failure to comply may result in penalties against Microsoft.
