Microsoft gets a French reprimand against excessive data tracking

23 Jul 2016 | By Vaneet Randhawa
The Microsoft-France data privacy row

The French National Data Protection Commission (CNIL) gave a formal notice to Microsoft regarding Windows 10 security and privacy concerns.

In a firm notice, Microsoft Corporation was told to "stop collecting excessive data and tracking browsing by users without their consent."

Microsoft needs to comply within 3 months.

CNIL's main concern is that Microsoft is making mass surveillance easy for the government.

In context: The Microsoft-France data privacy row

23 Jul 2016Microsoft gets a French reprimand against excessive data tracking

Windows 10 under CNIL scanner since its launch

France's data privacy agency CNIL had started investigating Windows 10 soon after the operating system was launched in July 2015 at the behest of "media reports and letters from several French political parties".
Love Business news?
Stay updated with the latest happenings.

Similar noticesCNIL's reprimands to Google and Facebook

In 2015, the CNIL issued similar warnings against US tech companies against excessive browser tracking.

Google was ordered to extend Europe's "right to be forgotten" rule to cover all Google sites.

Earlier this year, it directed Facebook to end tracking the web browsing of non-users, according the company 3 months to comply with its orders.

ConcernsPoints of worry for the CNIL

The CNIL found that Microsoft was monitoring apps being downloaded and the time spent on each one.

Further, Microsoft used cookies to push personalized ads without accurately notifying users or enabling them to opt out.

Moreover, the 4-character PIN system employed to reach Microsoft services was insecure, because there was no upper-limit on the number of attempts.

23 Jul 2016What Microsoft had to say

Microsoft vice-president David Heiner told the media that Microsoft "will work closely with the CNIL over the next few months to understand the agency's concerns fully and to work toward solutions that it will find acceptable."

He also said that Microsoft was looking to sign a new EU-U.S. Privacy Shield, a more stringent framework that would replace "safe harbour" agreement.

Safe harbour agreement

The safe harbour agreement was made between the "EC and the US government essentially promised to protect EU citizens' data if transferred by American companies to the US." It is no longer considered valid by Europe.