France Tells Microsoft To Stop Excessive Tracking Of Windows 10 Users

France's data privacy and protection watchdog has ordered Microsoft to put the brakes on what it deems is excessive user data collection in Windows 10. It also took issue with certain elements of Windows 10 that need to be more secure, such as entering the four-character PIN to log into the operating system, and privacy breaches stemming from the browser.

The Chair of the National Data Protection Commission (CNIL) notified Microsoft of its decision following an investigation by a special contact group created by various authorities in the European Union. CNIL says the investigation "revealed many failures," not the least of which is the amount of data Microsoft collects through Windows 10, data that's not necessary for the OS to run. That includes data collected through Windows 10 telemetry service, which Microsoft uses to look for problems and ultimately improve the way its OS behaves.

Windows 10 PC

CNIL also took Microsoft to task for activating an advertising ID by default when Windows 10 is installed, which then allows Windows apps and third-party programs to monitor a user's web browsing activity and deliver targeted ads. The problem CNIL has with this is the lack of user consent.

Beyond data collection and privacy breaches, CNIL was critical of Windows 10 over a lack of security. Specifically, CNIL criticized the way Windows 10 lets users enter a four-character PIN to authenticate themselves for all of Microsoft's online services. The issue here is that there's no limit on the number of attempts to enter the PIN.

CNIL said that Windows 10's shortcomings were significant enough to warrant issuing a public notice, rather than contact Microsoft in private over the matter.

"It has been decided to make the formal notice public due to, among other reasons, the seriousness of the breaches and the number of individuals concerned (more than ten million Windows users on French territory)," CNIL said.

Microsoft has three months to address CNIL's complaints without penalty. If Microsoft isn't able to meet that timeline, there could be further action taken against the company, including sanctions.