French watchdog blasts Microsoft over Windows 10's privacy failings

Redmond has three months to comply with the French Data Protection Act

A French regulatory body has blasted Microsoft over Windows 10's habit of hoovering up plentiful user data, giving Redmond a deadline in which the firm must do something about it.

This warning comes from the Commission Nationale de l'Informatique et des Libertés (CNIL), which has issued an ultimatum to Microsoft to clean up its act in the privacy stakes and comply with French data protection regulations. Redmond has three months to do so or the software giant risks being fined.

The CNIL insists that Microsoft must "stop collecting excessive data and tracking browsing by users without their consent", and furthermore that the company must ensure "satisfactory measures" are taken in terms of keeping user data confidential and secure.

The regulatory body listed Windows 10's failings which went beyond excessive data collection to include complaints about a lack of security, specifically the fact that Redmond doesn't limit the amount of login attempts that can be made with a PIN to a user's Microsoft account (or other online services).

The company was also criticized for sending data from the EU back to the US under 'safe harbor' when the latter is now irrelevant in Europe thanks to a recent EU ruling.

Fast and loose

Having such a strongly worded official warning fired at it will obviously be a major concern for Microsoft, particularly seeing as there has been much talk for a while now about how Windows 10 plays relatively fast and loose with user data.

Indeed, in a survey of companies we highlighted earlier today, while IT pros praised Windows 10 for many strengths, their major concern with the OS was 'data privacy guarantees'.

Microsoft has responded to this matter, and as the Register reports, David Heiner, deputy general counsel, issued a statement to say: "We built strong privacy protections into Windows 10, and we welcome feedback as we continually work to enhance those protections. We will work closely with the CNIL over the next few months to understand the agency's concerns fully and to work toward solutions that it will find acceptable."