Many US tech companies haven’t found France to be a very welcoming place recently. Authorities in the country told Facebook it must stop tracking non-users and sending data to the States earlier this year, and Google had its Paris headquarters raided by Police in a tax evasion probe last May.
The latest firm to incur the wrath of France’s data protection commission is Microsoft. It seems the Commission Nationale de l'Informatique et des Libertés (CNIL) isn’t very happy with Windows 10, and it’s nothing to do with (thankfully now expired) upgrade nagware.
The CNIL has issued a formal notice to Microsoft stating that Windows 10 “must stop collecting excessive user data” from the ten million people in France who have the OS installed without their consent. The watchdog highlighted the fact that Microsoft records which apps users download and how long they spend on them.
Additionally, the CNIL wants Microsoft to stop using cookies to serve up ads without properly informing users and without offering a way to opt out. It also takes issue with the 4-digit PIN system that lets users access their Microsoft accounts; the Commission says it is insecure as it allows an unlimited number of login attempts.
Finally, there’s the problem of Microsoft continuing to transfer French account holders’ personal data to the US under the Safe Harbor agreement, despite the European Court of Justice ruling it invalid back in October last year.
The CNIL has given Microsoft three months to comply with the notice; if no action is taken, an internal investigator may be appointed who could issue sanctions against the company.
In a statement to Reuters, Microsoft vice president and deputy general counsel David Heiner said the company would work closely with the CNIL over the next few months to understand its concerns fully and "to work toward solutions that it will find acceptable."