Learn What IT Pros Need to Know About Windows 11 - August 26th at 1 PM ET! Learn What IT Pros Need to Know About Windows 11 - August 26th at 1 PM ET!
Windows 10

France Says That Windows 10 Violates Personal Privacy Laws

France Says That Windows 10 Violates Personal Privacy Laws

France’s CNIL, which is tasked with protecting personal data and preserving individual liberties, this week accused Microsoft of violating the French Data Protection Act by using Windows 10 to “collect excessive user data without their consent.” Quelle horreur!

“The CNIL found that [Microsoft is] collecting diagnostic and usage data via its telemetry service, which uses such data, among other things, to identify problems and to improve products,” the CNIL explains. “To this purpose, Microsoft Corporation processes, for instance, Windows app and Windows Store usage data, providing information, among other things, on all the apps downloaded and installed on the system by a user and the time spent on each one. Therefore, the company is collecting excessive data, as these data are not necessary for the operation of the service.”

The CNIL further asserts that Windows 10 violates the French Data Protection Act by:

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

… not seeking individual consent. Windows 10 and various installed apps monitor user browsing and offer targeted advertising without obtaining users’ consent.

… being insecure. By letting users choose a four-digit PIN to authenticate themselves, Microsoft is opening up users to theft of their payment instruments. “The number of attempts to enter the PIN is not limited, which means that user data is not secure or confidential,” the CNIL says.

… offering no option to block tracking cookies. The CNIL charges that Microsoft “puts advertising cookies on users’ PCs without properly informing them of this in advance or enabling them to oppose this.”

… inappropriately using out-of-date EU “safe harbor” rules to transfer personal data to the U.S. Microsoft is transferring users’ personal data to the United States, but this is illegal given a decision issued by the Court of Justice of the European Union in October 2015, the CNIL says.

The CNIL has given Microsoft three months to reply to these accusations and to change Windows 10 and its policies to conform with French law. Should Microsoft not comply within the stated time, it will be officially sanctioned and could be fined up to 4 percent of its annual global revenues.

The CNIL has also alerted the software giant that other European Union member states are conducting similar investigations into Windows 10’s alleged privacy issues and could issue their own findings against the firm.

“The purpose of the notice is not to prohibit any advertising on the company’s services but, rather, to enable users to make their choice freely, having been properly informed of their rights,” the CNIL says. “It has been decided to make the formal notice public due to, among other reasons, the seriousness of the breaches and the number of individuals concerned (more than ten million Windows users on French territory).”

For its part, Microsoft says it will work to comply with French law.

“We will work closely with the CNIL over the next few months to understand the agency’s concerns fully and to work toward solutions that it will find acceptable,” Microsoft vice president and deputy general counsel David Heiner said.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Paul Thurrott is an award-winning technology journalist and blogger with over 20 years of industry experience and the author of over 25 books. He is the News Director for the Petri IT Knowledgebase, the major domo at Thurrott.com, and the co-host of three tech podcasts: Windows Weekly with Leo Laporte and Mary Jo Foley, What the Tech with Andrew Zarian, and First Ring Daily with Brad Sams. He was formerly the senior technology analyst at Windows IT Pro and the creator of the SuperSite for Windows.

Register for Advanced Microsoft 365 Day!

GET-IT: Advanced Microsoft 365 1-Day Virtual Conference - Live August 24th!

Join us on Tuesday, August 24th and hear from Microsoft MVPs and industry experts about how to take advantage of Microsoft 365 at a technical level and dive deep into the features and functionality that will make your environment more secure and compliant.


Sponsored By