France claims Windows 10 does not comply with country's data protection rules [Update]

France's government claims that Microsoft is collecting what it says is "excessive data" from Windows 10 PCs. The country's National Data Protection Commission (CNIL) says it has given Microsoft three months to make changes that will comply with France's data protection rules.

In a press release, the commission stated:

The CNIL found that the company was collecting diagnostic and usage data via its telemetry service, which uses such data, among other things, to identify problems and to improve products. To this purpose, Microsoft Corporation processes, for instance, Windows app and Windows Store usage data, providing information, among other things, on all the apps downloaded and installed on the system by a user and the time spent on each one. Therefore, the company is collecting excessive data, as these data are not necessary for the operation of the service.

The CNIL also claims that "advertising ID is activated by default when Windows 10 is installed" which it says allows Windows 10 apps from Microsoft and others "to monitor user browsing and to offer targeted advertising without obtaining users' consent." In addition, the commission claims that there is a lack of security for Microsoft's online services:

The company allows users to choose a four characters PIN to authenticate themselves for all its on-line services, notably to access to their Microsoft account, which lists purchases made in the store and the payment instruments used, but the number of attempts to enter the PIN is not limited, which means that user data is not secure or confidential.

The CNIL warns it may take action against Microsoft if it does not make changes to Windows 10:

Should Microsoft Corporation fail to comply with the formal notice within the specified timescale, the Chair may appoint an internal investigator, who may draw up a report proposing that the CNIL's restricted committee responsible for examining breaches of the Data Protection Act issue a sanction against the company.

Update: Microsoft's vice president and deputy general counsel, David Heiner, has now issued a statement in response to the French government's charges, noting that the company will "work closely with the CNIL over the next few months to understand the agency's concerns fully and to work toward solutions that it will find acceptable." You can read the full response below.

"Earlier today Microsoft received a notice from the French data protection authority, the Commission Nationale de l'Informatique et des Libertés or CNIL, raising concerns about certain aspects of Windows 10. The notice gives Microsoft three months to address the issues.We built strong privacy protections into Windows 10, and we welcome feedback as we continually work to enhance those protections. We will work closely with the CNIL over the next few months to understand the agency's concerns fully and to work toward solutions that it will find acceptable.The CNIL noted that the Safe Harbor framework is no longer valid for transferring data from European Union to the United States. We fully understand the importance of establishing a sound legal framework for trans-Atlantic data transfers, and that is why Microsoft has been very supportive of the efforts on both side of the Atlantic that led to last week's adoption of the Privacy Shield.As the European Commission observed, Microsoft's January 2016 Privacy Statement states that the company adheres to the principles of the Safe Harbor Framework. Microsoft has in fact continued to live up to all of its commitments under the Safe Harbor Framework, even as the European and U.S. representatives worked toward the new Privacy Shield. As we state in our privacy statement, in addition to the Safe Harbor Framework we rely on a variety of legal mechanisms as the basis for transferring data from Europe, including standard contractual clauses, a data transfer mechanism established by the European Commission and approved by European data protection authorities, to cover data flows from the European Union to the United States.Microsoft will release an updated privacy statement next month, and that will say Microsoft intends to adopt the Privacy Shield. We are working now toward meeting the requirements of the Privacy Shield."

169 Comments
  • This should be looked upon by Microsoft quickly..
  • But they don't collect anything more than Google. They probably collect a fraction of what they do. As for the ad thing, that should be off by default.
  • You mean Android which it totally different thing (where Google collects data). Google doesn't have computer OS (forget Chromebook), Nobody seriously using it
  • Android is a computer OS. A smartphone it's a computer. Now, telemetry data is not personal information in any way. France doesn't want any data being sent with out their consent.
  • Ridiculous. Smartphones/tablets ARE computers. Android/Chrome ARE computer OS. I don't believe your chosen reality is pertinent. For instance in my chosen reality Octopuses are evil and are trying to take over the world. It doesn't make it true.
  • To be honest, Google allows you to turn off a ton more diagnostic data in Android than Windows does.  I still have an HTC One M8 (albeit SIM-less) that I can post screenshots of, if you so wish...  Would you like a comparison? Microsoft literally forbids you to turn off the Telemetry, and they collect way too much data.  This was bound to happen in the EU.  The US won't do anything about it, becuase it's Microsoft and if any action is taken here it will literally be precedent for elsewhere in the world as a result (while the opposite is often not the case, particularly as it pertains to US companies). It also takes literally 5 or less clicks/taps to turn this off in iOS and OS X. What Microsoft does in Win10 is something most people would have assumed Google would have tried, which is probably why so many people are ignorantly equivocating it to Android.  That's a very false statement, though.  Google doesn't do this.  There is a difference between having options to collect data and completely forbidding users from turning this collection off on their devices.  Also, the collection of Data is not necessary for hte operation of Microsoft's services or the software installed on that machine. MIcroosft is doing this because they want to use you guys as free testers after laying off a ton of thier employees in that department, as well as Ad-Targeting in Apps and in the Windows Store (or on your Start Screen, since some of you people feign love for that even though it's a disgusting practice).
  • Just several days ago..i read news that Android now know where you download your apps..that data breach also right? Posted via the Windows Central App for Android
  • Which options Microsoft is not allowing to turn off.
  • Automatic updates in Windows 10 and a completely off switch for telemetry.
  • They don't know what they're talking about. You don't either it seems. If you have a store, you need info to run it, simple as that. They use the data to show relevant apps and ads for the apps that use that, and to adjust the store itself, among other things to run the store. What, you didn't know that you need to research your customers base, to run a store...?
  • Dont forget chrome it doesnt look your pc but it does look everything you do when you use it :3
  • What? How is Android different? If anything, your phone is a *more* personal device than a PC, and data miners can know an enormous amount about you from monitoring your phone habits.
  • BEEN SCREAMING about this for ages now.  YES MS COLLECTS ALL KINDS OF DATA on its users.   Had people here argue with me black and blue that they dont....but yep they do.  ALOT.   its the Nutella way.  Collect data,  at all costs,  and then make profits from it.   Its his mantra.  services = data collection/$$$$ + subscription style softweare/$$$$$ = happy NUTELLA.  who cares about the user,  who cares about the product being used.   MS is going away from my entire computing system soon!  CANT WAIT either to be free of them. 
  • Telemetry has always been collected to improve the service. Even Apple and Google do this. But the data is anonymous.
  • That word is to technical for Steve Adams to comprehend.
  • Wow someone is having a hissy fit. Are you also stamping your feet? Posted via the Windows Central App for Android
  • Should it? You know that's about targeted ads. You want random ads instead? Wow, much improvement.
  • took them a lot of time to realize this i hope Microsoft will realease a EU version without the spyware crap DISLIKES incoming 3 2 1.........
  • Why alot of people get suspicious about windows 10, by the way, I didn't use this version. Posted via the Windows Central App for Android
  • Dislikes incoming? so you already know you say a pretty retarded thing no? haha funny people like you. seems like you are seeking attention. What Spyware crap? it seems like you don't even know what a Spyware is. you probably dont know BS about technology and you are just farting and thinking that's actually knowing what's going on on Windows 10. many has claimed, Windows 10 is so evil and spyware with even a keylogger (what the hell, are you this dumb?), yet NOBODY has ever shown real proof, all they do it's talk talk talk. you know why? because just like people like you, you have NO idea what you are talking about.
    Windows behaves the same thing as before, it hasnt changed for years. what is the problem now? why is people with no brain try to come in a technology news site and start spreading crap? it's over ONE YEAR, have you ever seen a real evidence that Windows 10 is spyware? and it watches you even when you watch porn and do your nasty stuff? You probably have facebook, Twitter, and if you don't you are using INTERNET, yes you show your apparently brain abscence but you are actually exposing yourself to any privacy attack or anything, do you think your ISP doesn't know what you are doing? they would know it if they wanted, that's why many can't download torrents anymore and get instant notice. So please, next time research a little more. try to get proof and stop with the crap, it's been ONE YEAR. do you know what one year is? 365 days, and NOBODY has ever given any proof of this "awful Opererating System". Anything that does some sort of use of a Microsoft account can be disabled, even the updates can be disabled if you are dumb enough to refuse to avoid updates.
    so what are you talking about clueless person? The only "evidence" of Windows 10 making thousands of connections it was actually from an idiot who didn't even know how to do it and even Ed Bott wrote about it because it was obviously misleading and stupid, the guy didnt even have internet connection which makes things obvious that Windows would try to reconnect to X or Y service. Again, research and stop talking crap. Thank you. you already knew people would dislike your comment, becuase guess what, IT IS STUPID. so dont feel offended.
  • You are the one talking crap. I hope not just France but the EU as a whole seriosly looks at the privacy **** Microsoft is trying to pull with Windows 10. Not to mention the **** ton of ads they showed into every aspect of the OS, including the Start Menu with their 'suggested apps' ****, and the once free games like solitaire that are now advertisements and data mining pieces of crap, unless you pay a subscription fee. I am sure some Microsoft fan boy is going to say you can turn most of this off, but the problem is a normal user is not going to hunt around the OS for half an hour to turn off all the data mining features Microsoft has showed into the OS. Maybe its time Microsoft looked back at their Scroogled campaign and do what they used to preach before the disaster that is Nadella came on board.  
  • Nutella at work,  data mine,  collect as much information and make money off it.  SCAM artist. 
  • Very well said!!! It's hilarious how Microsoft literally became what they were advertising against, such hypocrisy...
  • It is funny how those who are whining the most are using android and google chrome where google does no different lol... 
  • Holy crap I hope that you don't own an Android phone! You'd explode if you do (Or have chosen to ignore stuff)
  • If you were a developer you would want MS advertising your app or game to the users. So that's why there is a section of suggested apps
  • Nothing has changed? Umm...yes it has. Windows 10 collects more data than previous versions of Windows. That is a fact.They even implemented all of that stuff into Windows 7. Also, please get off your high horse. You've had many stupid/fanboy posts in the past.
  • Wow is this a meeting of the tin foil hat society? Posted via the Windows Central App for Android
  • Stating an undisputed fact means I'm part of the tin foil hat society? Are you going to actually refute any of my points or did you just post that to make yourself feel better. Read this blog post. They clearly say they backported the Windows 10 telemetry to Windows 8 and 7. https://blogs.technet.microsoft.com/netro/2015/09/09/windows-7-windows-8... I never even said anything about how horrible this is or that Microsoft is invading my privacy.
  • Somehow you think Windows 10 is the only piece of software that uses telemetry
  • No, I don't. Where did you read that? I stated a simple fact, that's it. The fanboys only argument is "...but Google". I never even said if this was good or bad. I stook to the facts, unlike you.
  • It's not spyware. Do you know what telemetry data is? It's a bunch of random info that is on no way tried to you personally. It's like if measurements of your home were sent to a building contractor so that they can evaluate how things are looking and if there are any problems with the way your home so theu can improve their building skills, yet they don't know whose home it is or where it is located.
  • Thats the same BS people used to say about metadata, before it came to light how far reaching privacy issues it touches on.
  • "people used to say about metadata" Um, there are many, many types of "metadata" and the use of that word in this context to implicate it as bad is as much "BS" as you claim other people are saying about metadata.
  • Nice comparison
  • Do you still wrap your Kinect in tin foil?
  • You want a EU version of Android and IOS too, and possibly every damn webstore as they ALL collect data off their customers. The idiocy of people astounds me again and again.
  • Because Windows app and Windows Store are MS service MS should send CNIL a copy of Microsoft Services Agreement With all that data we can see most used apps automatically place on "most used" part of start menu, we know how popular an app is, we can received auto update for apps etc etc   Even me who live in 3rd world country not that stupid
  • Your position isn't one of stupitidy.  It's one of ignorance. Lastly, a correction to your post, because it may be helpful if you're learning/trying to improve your English...  Okay, who am I fooling...  It was also painful (read: difficult) to read.  I want you to be aware of what my brain expects to see, compared to what you actually wrote... --- Windows apps and Windows Store are Microsoft services.  Microsoft should give CNIL the Microsoft Services Agreement. With this data, we can see which apps are used most and automatically place them on at the "Most Used" section of the Start menu.  We can see how popular an app is.  We can update apps automatically, etc. Even I, living in a 3rd world country, am not that stupid. --- In particular, pay attention to:  Prepositions (On vs. At), Personal Pronouns (Me vs. I), Determiner use (This vs. That), Subject-Verb Agreement (Bleh and Blah are Microsoft serviceS), Punctuation, Don't delete "to be" in statements (Even <Pronoun>, <phrase>, <to be> <state of being> i.e. Even <I>, <from a third world country>, <am> <not that stupid>.) Some are issues that Native speakers have while trying to act like "super smart debaters" on this blog, so I mainly listed them as pointers and reminders.  I appreciate the people who go out of their way to learn a language they may, or may not, need in their daily lives (depends on the person, country they're from, etc.).  However being an "easier" language to learn (largely due to rigid syntax and widespread use) doesn't mean you can write [****] like this and expect to be comprehensible. It also doesn't mean you should write terrible English, while depending on our ability to decipher terrible English as a means to communicate.  This takes energy.  Why do you think people in other countries, often, switch to English if we are there to practice their language?  It's easier for them to use their English than to understand our broken French/German/Russian/Czech/Finnish/whatever...  Particularly when we're so used to dealing with bad English, even in English-speaking countries (and therefore more tolerant, but there are limits to this). Use Bing Translate if you want to be more easily understood.  You could, likely, also learn a thing or two from its output.
  • Thx Trump
  • There are times when I agree that some correction isn't bad, on an English speaking forum, but this was pretty dick'ish. Posted via the Windows Central App for Android
  • Can I join the course? How much is the fee?
  • On one hand, you argue English is a global language.. But then criticise its usage by non native speakers... If the language is global it has to accept differences in its usage.. Just like there are some differences in spelling and pronunciation between British and American English, there will be differences when people from other nations use it.. When it comes to why we chose English, it was a consequence of British being the primary colonialists in the past few centuries.. Then, after the war US became the superpower.. So it is natural that English is the dominant language in the world now.. But it doesn't necessarily mean it will remain so.. Just consider the fate of Greek, Latin, the dominant languages in the past.. Now where are they?? English may meet the same fate if the arrogance of the so called native speakers comes out like this..
  • @ Sankalp Sam: Classical Latin was only spoken by the upper classmen and clergy, and used for government purposes (due to Roman Domination).  The middle and lower classes (common folk) spoke dialects of Latin termed "Vulgar Latin."  These dialects formed a Dialect Continuum throughout Europe and the Roman Empire, eventually diverging into into what we know as the Romance Languages:  French, Spanish, Portuguese, Italian, Romanian, Occitan, Catalan, etc. Latin was a Lingua Franca.  It was not the language used by all throughout the Roman Empire.  If that was actually the case, Latin would not be a dead langauge.  It was a Lingua Franca, becuase there were too many languages in use throughout the Roman Empire.  One was needed to facilitate communication. English serves that purpose today, but the situation is different. Latin's use was more Religious and Political.  The use of English as a Lingua Franca has more to do with Industrialization and Economics. This is why Latin died, and languages like English, German, etc. lived despite Roman Domination...
  • You must be really stupid. I hope the spelling was correct.
  • The term 3rd world is of American origin.
    The UN had two classifications, namely... Developed and Developing country.
    Don't use stupid when you refer to three earths, there's only one.
  • The data collected does nothing more than improve your experience in the end. Targeted advertising works and any other annonymous information collected will be used to better their services and tailor the experience to better suit their users.
  • Well, France would certainly know about bad security.
  • True *whistle*
  • Indeed. I think France needs to worry about physical security to protect their citizens and tourists first. 
  • You realize their government can do two things at once right? Just like the US has a Department of Homeland Security, we also have the Federal Trade Commission. The members of the French government investigating Microsoft aren't going to have the same skill set as the ones countering terrorism. 
  • And I see nothing to suggest either is competent. France is a frequent terror target. France is the outlier complaining about W10 security.
  • because America is a secure country, right? Mass shootings every week. Americans kill Americans, black kill whites, whites kill blacks but you are laughing at France.... *FACEPALM*
  • There's a difference between citizens killing citizens and terrorist bombing don't you think?
  • Not really, it's all murder.
  • But a citizen killing another citizen it different then some other group terrorizing the people of this country. It's like you can have a lot of security to your own home but if a family members hurts another family member is doesn't mean your home is less secure from the outside.
  • Yes, there's a difference between a external reaction and a plan to kill as many people as possible. Not all killing is murder.
  • A lot of terrorist attacks are committed by citizens. So, what are you trying to get at?
  • "Mass shootings every week" Go get me the mass shootings for each week in the last 52 or shut up.
  • How about just the mass shootings this year? This article from a month ago shows there were 136 mass shootings in the first 164 days this year. But yeah, lets just pretend that we don't have a problem. http://www.cnn.com/2016/06/13/health/mass-shootings-in-america-in-charts-and-graphs-trnd/index.html
  • I registered an account just to give you this. http://www.gunviolencearchive.org/reports/mass-shooting
  • America has definite issues, but mowing down children is very different from career criminals being killed for acting stupid or people killing each other over utterly petty things.
  • The world loves to focus on the problems in America while ignoring their own. The EU loves to believe they are more sophisticated than the US because they don't have a gun culture. But then when the fans of some soccer team lose against another soccer team, they go out and riot, burn cars, beat the hell out of each other, and no one mentions a thing about it. We don't hear anything about it here in the states and the times I have been to Europe they really didn't talk about it too much there, either. When you ask Europeans about it, they just brush it off as those stupid hooligans. But some single stupid idiot decides to go out and shoot some people, well, that is a direct implication of our supposed gun culture. Europe has had their fair share of shootings, knivings, people with swords, people driving trucks through crowds, and much more. ANd when it happens, you treat it as a horrible tragedy - and it is. But I don't see you blaming swords, knives, trucks, or even guns, or, what has happened more recently, religious fanatics. No, it is not blamed on your culture. But then you turn around and start telling us it is guns, and the NRA for promoting them, and everything else under the sun that can possibly be blamed, everything except the person doing the killing. Because it is not the progressive way to blame an individual who actually did the shooting, the right way is to tell the millions of people who are responsible gun owners who are never going to shoot anyone except for the person who may break into their house (and usually they are called wrong for that, too) that they are in the wrong for owning that gun. We hear over and over that the US needs to butt out of the world and mind our own business. Hey rest of the world, quit putting demands on us like how we need to stop using guns, and maybe we will do the same to you.
  • You are an idiot
  • Such a well thought out rebuttal of my comment. You, sir, are well skilled in the art of debate and obviously I have lost this round to your brilliance. Your reply shall go down in the annals of history as the epitome of logic and reason.
  • And where are you to judge them so harshly? Posted via the Windows Central App for Android
  • Sadly, another country asking for trouble by ignoring the root of the problem in the name of political correctness.
  • In a way, i agree... It should be an option which users should manually activate to help Microsoft, not keep it on by default.
  • It actually is optional.
  • You're NOT getting it. Yes, it's optional and can be turned off, but by default it is turned ON.
  • I know that, it just doesn't matter. Especially since you're specifically asked about it during the installation process.
  • And you are among those accusing Google over data collection....
  • I don't accuse anyone, I'm just stating facts.
  • You are a hypocrite
  • If you say so.
  • And the facts are MS collects just as much if not more data than google...sorry if the fanboys can't see through the hazelnut colored cloud that NUTELLA is blowing up their asses!
  • What if you buy a PC with Windows 10 already installed?
  • you get asked on first run, you get asked again when you set up a new account (which you will do after getting a new PC), and you will be asked one final time when you open any related apps.