FileHippo News

The latest software and tech news

Microsoft risks fines unless it complies with a three-month ultimatum from France’s data privacy watchdog, CNIL, to stop collecting masses of data and tracking... Microsoft Threatened By French Watchdog

Microsoft risks fines unless it complies with a three-month ultimatum from France’s data privacy watchdog, CNIL, to stop collecting masses of data and tracking Windows 10 users without their consent, and importantly, transferring data outside the EU to ‘safe harbour’ locations, all in violation of French law.

The Microsoft HQ building in France

The Microsoft HQ building in France

CNIL can levy a maximum fine of €150,000, and that figure can be doubled to €300,000 if the offence is repeated. For Microsoft such a fine is less than loose change in their pocket, but for the French regulator, it’s a matter of principle.

CNIL has form for this type of behaviour. It is widely considered to be one of the few watchdogs in Europe with real teeth, and have been in a years long tussle with Google as well, for their failure to remove global ‘right to be forgotten’ search results.

Following on-line investigations in April and June of this year, CNIL decided that many features of Windows 10 were actually failing to comply with the French Data Protection Act, including:

  • Collecting irrelevant and excessive data from users
  • That there is lack of security in that the number of times login pin codes can be entered incorrectly is not limited
  • That advertising IDs are turned on by default and users can be targeted by individual advertisers without consent.

Crucially, however, the most stinging criticism levelled against Microsoft is that the company is still “transferring its account holders’ personal data to the United States on a “safe harbour” basis.”  

This is despite a previous order of the Court of Justice of the European Union on 6th October 2015 prohibiting the act.

Under French law however, Microsoft has a three-month window to comply with the regulators orders to fix the above issues. If it does not, CNIL will appoint an investigator who could recommend sanctions against the company.

“The purpose of the notice is not to prohibit any advertising on the company’s services but, rather, to enable users to make their choice freely, having been properly informed of their rights,” said the CNIL website.