A formal notice on the CNIL website instructs Microsoft to put an end to the “excessive” data collection linked to Windows 10. It goes on to criticize the company for tracking its users web browsing habits without their consent, failing to offer proper security protections, and delivering targeted advertising materials without the user’s consent.
Microsoft also stands accused of transferring personal data belonging to account holders back to the United States on a “safe harbor” basis. However, the safe harbor agreement was invalidated by a decision issued by the European Union’s Court of Justice back in October 2015, according to a report from The Verge.
The CNIL report is based on an investigation that was carried out between April and June 2016. The organization was prompted to scrutinize Windows 10 because the operating system apparently has some 10 million users in France alone — although apparently other European data protection authorities are looking into the situation.
The statement from CNIL makes it clear that the report doesn’t seek to prohibit Microsoft from using its services to advertise. Instead, it seeks to “enable users to make their choice freely, having been properly informed of their rights.”
If Microsoft does not make the necessary changes over the three-month period laid out by CNIL, the organization is threatening to appoint an external investigator to draw up a report recommending sanctions.
However, it seems that the company is willing to work with the CNIL to rectify the situation. David Heiner, vice president and deputy general counsel of the Regulatory Affairs team at Microsoft, noted that the company will collaborate with CNIL to “work toward solutions that it will find acceptable,” according to a report from Reuters.
