France or­ders Mi­crosoft to stop col­lect­ing ex­ces­sive user data

The CNIL said the U.S. com­pany had three months to stop track­ing brows­ing by users so that Win­dows apps and third-party apps can of­fer them tar­geted ad­ver­tis­ing with­out their con­sent, fail­ing which it could ini­ti­ate a sanc­tions pro­ce­dure.

Metro USA (Boston) - - NEWS -

The French data pro­tec­tion au­thor­ity on Wed­nes­day or­dered Mi­crosoft Cor­po­ra­tion to stop col­lect­ing ex­ces­sive data on users of its Win­dows 10 oper­at­ing sys­tem and serv­ing them per­son­al­ized ads with­out their con­sent.

A num­ber of EU data pro­tec­tion au­thor­i­ties cre­ated a con­tact group to in­ves­ti­gate Mi­crosoft’s Win­dows 10 oper­at­ing sys­tem fol­low­ing its launch in July 2015, the French pri­vacy watch­dog said.

The ac­tion against Mi­crosoft mir­rors that taken by the CNIL against Face­book, which was or­dered in Fe­bru­ary to stop col­lect­ing users’ in­for­ma­tion then used for ad­ver­tis­ing with­out their con­sent.

Mi­crosoft pro­cesses in­for­ma­tion on all the apps down­loaded and in­stalled on Win­dows by a user and the time spent on each one to iden­tify prob­lems and im­prove its prod­ucts. How­ever the CNIL said it con­sid­ered this to be ex­ces­sive since the data “are not nec­es­sary for the op­er­a­tion of the ser­vice.”

The French watch­dog also said that Mi­crosoft puts ad­ver­tis­ing cook­ies on users’ ter­mi­nals with­out prop­erly in­form­ing them be­fore­hand or giv­ing them a chance to opt out.

“It has been de­cided to make the for­mal no­tice pub­lic due to, among other rea­sons, the se­ri­ous­ness of the breaches and the num­ber of in­di­vid­u­als con­cerned [more than 10 mil­lion Win­dows users on French ter­ri­tory],” the CNIL said in a state­ment.

“The pur­pose of the no­tice is not to pro­hibit any ad­ver­tis­ing on the com­pany’s ser­vices but, rather, to en­able users to make their choice freely, hav­ing been prop­erly in­formed of their rights.”

While the fines that can cur­rently be levied by Euro­pean data pro­tec­tion au­thor­i­ties are pal­try com­pared to the rev­enues of big U.S. tech com­pa­nies, a new Euro­pean Union data pro­tec­tion law set to en­ter into force in two years pro­vides for fines of up to 4 per­cent of a com­pany’s an­nual global turnover.

In ad­di­tion, the CNIL said Mi­crosoft was still il­le­gally trans­fer­ring data to the United States us­ing the Safe Harbour frame­work, which was struck down by the top EU court in Oc­to­ber on con­cerns about mass U.S. sur­veil­lance prac­tices.

Com­pa­nies have had to rely on al­ter­na­tive le­gal struc­tures such as “model clauses” to move data across the At­lantic in line with tough EU data trans­fer­ral rules.

How­ever a source at the com­pany said that Mi­crosoft uses model clauses for U.S. data trans­fers and is only still cer­ti­fied un­der Safe Harbour due to con­trac­tual obli­ga­tions.

Mi­crosoft GETTY IMAGES

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.