The French National Data Protection Commission (CNIL) has released a formal notice announcing that Windows 10 is in breach of the country’s Data Protection Act.
CNIL has declared that the operating system gathers an ‘excessive’ amount of personal data about its users and that there are ‘many failures’ in its compliance with France’s Data Protection Act. CNIL added that Microsoft’s data gathering is ‘not necessary for the operation of the service’.
Windows 10 records information about which apps users install and how long they are open. It also triggers an advertising ID by default which monitors users’ browsing habits and generates targeted ads.
Further to this, Microsoft was transferring data
outside of the European Union, despite an EU decision last year which prohibited this.
Harmit Kambo, campaigns director at Privacy International, said: "It is high time that companies are called to account about the amount of data they collect about us without our consent. Why do they need so much data about us, and why are they not open with us about it?"
He added: "CNIL's public notice to Microsoft Corporation should be a wake up call to all companies, that it's unacceptable to hoover up their customers' data without their consent."
Microsoft said it will work closely with the CNIL over the next few months to understand the agency's concerns and to ‘work toward solutions that it will find acceptable’.