Redmond has three months to comply with these requirements

Jul 21, 2016 05:14 GMT  ·  By

The French National Data Protection Commission (CNIL) has issued a formal notice to Microsoft to stop what they call “excessive” data collection in Windows 10 and user tracking through a number of apps, including Edge and other pre-installed apps.

Microsoft has been given three months to comply with the French Data Protection Act and “stop collecting excessive data and tracking browsing by users without their consent,” with CNIL going through a number of examples that the company needs to deal with in order to get Windows 10 right for French users.

CNIL claims Windows 10 collects “irrelevant or excessive data” with its telemetry services, including apps downloaded and installed on a system, but also the time users spend running each one of them. This is excessive data, CNIL says, “as these data are not necessary for the operation of the service.”

Furthermore, the organization claims that Windows 10 lacks strong security because the four-character PIN that can be used to lock a device running the operating system doesn’t come with a restriction on the number of attempts allowed to each user. This claim, however, is false, as Windows 10 prompts users to write a security captcha after failing to authenticate with a PIN code for several times, while eventually requiring a full system reboot.

And last but not least, the French authorities also explain that an advertising ID is activated by default when Windows 10 is installed in order to allow apps to deliver targeted ads, and advertising cookies are being configured without users being given the option to block them.

Microsoft: We’ll update our privacy policy

Microsoft has already issued a statement regarding this complaint and has explained that the privacy policy will be updated in the three-month window to comply with all requirements.

David Heiner, Vice President and Deputy General Counsel, also says that Microsoft already considers users’ privacy a priority and adds that the company will work together with the CNIL to fully understand the notice and address all worries accordingly.

“We built strong privacy protections into Windows 10, and we welcome feedback as we continually work to enhance those protections. We will work closely with the CNIL over the next few months to understand the agency’s concerns fully and to work toward solutions that it will find acceptable,” he said.

You can read both the official CNIL formal notice and Microsoft’s response in the box after the jump, and we’ll update the article when new information on this case is provided.

CNIL And Microsoft Statements