The National Data Protection Commission (CNIL) said that they had given Microsoft three months to comply with the French Data Protection Act. Political groups and the media had brought the issue of confidentiality to the government's attention, after they launched their latest operating system, Windows 10.
The CNIL checked on several occasions to see if Microsoft was in line with French data protection laws and the investigations revealed numerous areas of concern, as well as multiple failings — specificaly, "excessive" collection of users' data.
#Windows10 | @CNIL_en serves formal notice to MICROSOFT to comply w/ the French Data Protection Act within 3 months→ https://t.co/npTP3Mb4Q9
— CNIL_en (@CNIL_en) July 20, 2016
So how does Microsoft collect this data? It's quite simple, they put advertising cookies on users' terminals, but they do not inform them of this, because it would enable the user to oppose the data collection.
"Microsoft is still transferring user data outside the European Union even though the European Court of Justice ruled on privacy grounds in October that the transfer of European citizens' data to the United States under the obsolete "safe harbour" basis was no longer valid," CNIL said in a statement.
free Windows 10
— RogueStar13 (@thekristoffer13) May 29, 2016
#lol #kek #humor #funny #srstriggered pic.twitter.com/ITkcmYPgvK
Now that the notice has been given, if Microsoft fail to comply with this, CNIL would draw up a report on the Data Protection Act and that could result in a fine of US$165,000.
Microsoft said it would cooperate with CNIL to address its concerns.
"We built strong privacy protections into Windows 10, and we welcome feedback as we continually work to enhance those protections," Microsoft vice president David Heiner said in a statement.
Concerning transfer of data from Europe to the United States, Microsoft relies on a variety of legal mechanisms, in addition to the no longer valid "Safe Harbor," Heiner added.
@why0hy Microsoft has three months to comply. By then Safe Harbor 2 will be in force. That will "solve" one of the problems.. #PrivacyShield
— Jesper Lund (@je5perl) July 20, 2016
Critics and privacy campaigners have said however, that this does not go far enough and more needs to be done.
This latest security issue comes just a few days after the terrorist attack in Nice and confirms what many experts have said about France, the people care more about privacy than security.
"In Britain if you ask [the public] whether they prefer security or privacy, they will say security. If you ask that question to the French, you always get the opposite response. The French have got to combat this defeatism. Voices in France say 'if we do this we are getting rid of our liberty.' That is rhetorical nonsense, the last thing that a terrorist wants is better security," Professor Anthony Glees, a terrorism expert at the University of Buckingham told Sputnik.
