France Serves Notice to Microsoft on Data Tracking

Paris – France on Wednesday said it had served notice to Microsoft to stop collecting what it deems excessive data and tracking browsing by users without their consent on civil liberty grounds.

The National Data Protection Commission (CNIL) said in a statement that it had given the US computing giant three months to comply with the French Data Protection Act to ensure user data security and confidentiality.

The agency said media and political groups brought the issue to its attention after Microsoft launched its latest Windows 10 operating system a year ago.

CNIL undertook seven “online observations” to determine the extent of the problem and questioned Microsoft Corporation on its privacy policy to see if Windows 10 fully complied with French data protection legislation, the agency said.

Those investigations “revealed many failures” including collection of “irrelevant or excessive (user) data”, the statement said.

CNIL also criticized Microsoft over the four-character PIN number that enables users to authenticate access to online services, saying the tech giant failed to limit the number of attempts to enter the correct code, threatening data and personal security.

The agency condemned Windows 10’s use of targeted advertising without first obtaining users’ consent, as well as the operating system’s lack of a way to block cookies.

“The company puts advertising cookies on users’ terminals without properly informing them of this in advance or enabling them to oppose this,” the statement said.

Microsoft is still transferring user data outside the European Union even though the European Court of Justice ruled on privacy grounds in October that the transfer of European citizens’ data to the United States under the obsolete “safe harbor” basis was no longer valid, CNIL said.

Should Microsoft fail to comply with the formal notice, CNIL would draw up a report on Data Protection Act breaches that could result in a fine of 150,000 euros ($165,000), the agency added.

Microsoft said it would cooperate with CNIL to address its concerns.

“We built strong privacy protections into Windows 10, and we welcome feedback as we continually work to enhance those protections,” Microsoft vice president David Heiner said in a statement.

Concerning transfer of data from Europe to the United States, Microsoft relies on a variety of legal mechanisms, in addition to “safe harbor”, he added.

After a legal wrangle over handling web data between Europe and the United States, the European Union earlier this month launched a controversial deal with Washington aimed at curbing government spying on EU citizens’ personal internet data.

A new “Privacy Shield” sets out tough rules to prevent US intelligence agencies from accessing Europeans’ data, with companies facing penalties if they do not meet European standards of protection.

Microsoft will release an updated privacy statement next month that will say it intends to adopt the Privacy Shield, the company said.

But critics say the new arrangements do not go far enough and will face legal challenges.

*Updated with statement from Microsoft

Written By

AFP 2023
