France objects to Windows 10 user tracking
Officials at CNIL feel that Microsoft's data-collection policies are too wide-ranging.
France's privacy regulator has stared into Windows 10 and feels that the software's doing a bit too much staring back. CNIL has issued a statement saying that the operating system collects too much data about its users. For instance, it explains that Microsoft tracks usage statistics to identify problems, including apps downloaded and time spent in each one. Which, sounds quite reasonable, since most of our days are spent working inside Chrome, Firefox or Edge. But since this information isn't necessary for the day-to-day operation of Windows 10, it's considered to be an infringement on people's privacy.
Officials also feel that Microsoft's security provision for Windows 10 is too lax, thanks to the unlimited times you can enter a PIN. That opens the door for any enterprising attacker to simply brute-force the combination, which CNIL feels makes the operating software "not secure or confidential." Then there's the fact that Windows 10 applies a unique identifier for the purposes of targeted advertising. No guesses for how French officials feel about that, given all you know about 'em.
The last major objection is that Microsoft is still pushing personal data around following the principles of Safe Harbor. These were the set of EU-US privacy protections that were declared invalid late in 2015, with a replacement, called Privacy Shield, only coming into force this month. Naturally, that's the point that Microsoft is fastest to refute, with deputy general counsel David Heiner telling The Register that it will "adopt the Privacy Shield," in the near future. In addition, Microsoft will work with CNIL to ensure that it doesn't have to suffer the pain of penalties.
