Windows 10 Dinged over Privacy Concerns in France

Windows 10 has come under fire in France over concerns that the operating system doesn't comply with the country's data privacy laws.

The Commission Nationale de l'Informatique et des Libertés (CNIL), France's data protection commission, said on Wednesday that it has given Microsoft three months to conform to those laws. If Microsoft fails to comply, sanctions could be issued on the company.

CNIL tested the Home and Pro editions of Windows 10 and received explanations in late May from Microsoft about certain software behaviors. However, it seems Microsoft's explanations weren't wholly satisfactory. CNIL listed the following objections:

  • Windows 10's telemetry collects information that isn't necessary for the service, such as information on the applications installed on a machine and the time spent using them.

  • Microsoft ties a personal identification number PIN to its Microsoft account, but PIN entry attempts aren't limited, which is insecure.

  • An "advertising ID" gets installed with Windows 10, which lets applications made by Microsoft or other software companies "monitor user browsing" and target users with ads, without consent.

  • Advertising cookies are placed on machines without consent.

  • Data get transferred to the United States following Safe Harbor rules, but that process is obsolete.

On that last point, the European Commission approved a new "Privacy Shield" legal approach covering data transfers between European Union countries and the United States. Microsoft issued an early statement backing the Privacy Shield, which got European Commission approval on July 12.

Implementation of the Privacy Shield by Microsoft will be coming, according to a statement from David Heiner, vice president and deputy general counsel at Microsoft. "Microsoft will release an updated privacy statement next month, and that will say Microsoft intends to adopt the Privacy Shield," Heiner said, according to this Betanews story.

Heiner also claimed that Microsoft "built strong privacy protections in Windows 10."

The Privacy Shield basically just gives EU citizens the ability to sue in U.S. courts if they become aware of privacy abuses. However, U.S. authorities typically impose gag rules when they request data from service providers, making legal action difficult. The Electronic Privacy Information Center, a privacy and civil liberties advocacy group, recently described the Privacy Shield legal protections as "flawed" since concerns that arose during the committee process got ignored in the final draft.

Microsoft clearly loosened privacy with Windows 10, which is modeled after mobile operating systems that constantly delivery data to improve and support various services. Privacy-conscious Windows 10 users have to go through various settings controls to turn off the default features that might be somewhat iffy in terms of privacy, for instance. That's different from the default experience seen with Windows 7.

One basic problem is that the right to privacy is still a U.S. Supreme Court debate issue that's further undercut by nontransparent U.S. legal procedures. In addition, companies profit from harvesting customer information, which is easily done through software and is either called "marketing" or "telemetry" and disclosed to users through multiple, complex end user legal agreements, with little opt-out ability. It's possible that European agency pressures could change that dynamic somewhat, if corporate profits should be at stake.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • The 2020 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.

  • 2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss. (Now updated with COVID-19-related event changes.)

  • Microsoft Closing Most of Its Retail Stores

    Microsoft on Friday announced a major shift in its retail operations, with plans to close most of its physical Microsoft Store outlets in favor of online sales.

  • Matrix

    Microsoft, Harvard Describe Joint Privacy Initiative

    To facilitate data sharing while still preserving data privacy, Microsoft and Harvard have embarked on a set of open source tool called the "OpenDP Initiative."

RCP Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.