France: Microsoft must stop excessive data collection in Windows 10

French privacy regulator CNIL is demanding that Microsoft stop “excessive data collection” and user tracking within three months. They would not have given permission for that. Microsoft allegedly violated French law.

The regulator states that after the release of Windows 10 in June 2015, there were various voices that Microsoft would collect personal data on a large scale. After that, the watchdog launched an investigation and presented its findings on Wednesday. For example, the CNIL mentions that Microsoft collects data through its telemetry service. This includes data from apps and the Windows Store, such as how much time a user spends per application.

This practice would lead to Microsoft ‘excessively’ collecting a lot of data that is not necessary for the execution of its service. In addition, this data is not sufficiently secured, because there is no limit to the number of times users can enter their Microsoft account PIN. In addition, there is no permission from Windows 10 users to create a so-called ‘Advertising ID’ by default during the installation of the operating system. Also, Microsoft would not sufficiently inform users about the placement of cookies.

Finally, the Redmond-based company would still export personal data to the US under the rules of the Safe Harbor scheme, which has since been superseded by the Privacy Shield. Therefore, use of the old scheme is no longer permitted. With the action against Microsoft, the CNIL wants to achieve that users can make free choices and are sufficiently informed. Microsoft has said in a response that it will work with the CNIL in the coming months to address the complaints, ZDNet writes. The company also states that, in addition to the Safe Harbor arrangement, it also uses other ways to store data, including model contracts.