Business Standard

France serves notice to Mircosoft on data tracking

Should Microsoft fail to comply with the formal notice, it would result in a 150,000 euros fine

General view of Microsoft Corporation headquarters at Issy-les-Moulineaux, near Paris. Photo: Reuters

General view of Microsoft Corporation headquarters at Issy-les-Moulineaux, near Paris. Photo: Reuters

AFPPTI Paris
France on Thursday said it had served formal notice on Microsoft to stop collecting what it deems excessive data and tracking browsing by users without their consent on civil liberty grounds.

France's National Data Protection Commission (CNIL) said in a statement it had given the US computing giant three months to comply with the French Data Protection Act to ensure user data security and confidentiality.

CNIL made the demand after Microsoft launched its latest Windows 10 operating system a year ago, saying media and political groups had brought the issue to its attention.

The body added it had undertaken seven "on-line observations" to determine the extent of the problem and questioned Microsoft Corporation on its privacy policy to see if Windows 10 fully complied with French data protection legislation.
 
The French indicated those investigations "revealed many failures" including collection of "irrelevant or excessive (user) data".

The CNIL also criticised Microsoft for allowing users to choose a four character PIN number to authenticate access to on-line services, but without limiting the number of attempts to enter the correct code, something the French deemed liable to hit data and personal security.

The French also decried Windows 10's use of targeted advertising without first obtaining the consent of users and the absence of a means to block cookies.

"The company puts advertising cookies on users' terminals without properly informing them of this in advance or enabling them to oppose this," said the CNIL in a statement issued in French and English.

CNIL also said Microsoft was still transferring user data outside the European Union even though last October the European Court of Justice ruled on privacy grounds that the transfer of European citizens' data to the United States under the obsolete "safe harbour" basis was no longer valid.

The French body added that should Microsoft fail to comply with the formal notice CNIL would draw up a report on Data Protection Act breaches which could result in a 150,000 euros ($165,000) fine.

Don't miss the most important news and views of the day. Get them on our Telegram channel

First Published: Jul 21 2016 | 1:13 AM IST

Explore News