After an examination of how Microsoft tracks Windows 10 users France’s data protection commission, CNIL, has ordered the software giant to “stop collecting excessive user data” without their explicit consent within the next three months, the commission wrote in a blog post. CNIL found Windows 10 violated five primary points of the the French Data Protection Act:
• Irrelevant or excessive data collected, included the amount of time a user spends in an app
• A lack of security, due to Microsoft ID PINs not having a limit to the number of attempts a user can make to enter the correct one
• Lack of individual consent to an advertising ID activated by default when Windows 10 is installed
• Lack of information and no option to block cookies
• Data still being transferred outside EU on a “safe harbour” basis
If Microsoft does not make changes to the above points, CNIL says it may issues sanctions against the company.