Security Experts:

Connect with us

Hi, what are you looking for?


Privacy & Compliance

French Regulator Accepts Microsoft’s Data Protection Improvements to Windows 10

CNIL Accepts Microsoft’s Data Protection Improvements to Windows 10

CNIL Accepts Microsoft’s Data Protection Improvements to Windows 10

CNIL, the French data protection regulator, has closed the formal notice procedure it served on Microsoft on June 30, 2016 over privacy concerns relating to Windows 10. “Since then,” says CNIL, “the company has brought itself into line with data protection rules, the formal notice procedure has therefore been closed.”

In a statement emailed to SecurityWeek, Microsoft commented, “We are committed to protecting our customers’ privacy and putting them in control of their information. We appreciate the French data protection authority’s decision and will continue to provide clear privacy choices and easy-to-use tools in Windows 10.”

The notice was served last year with three particular concerns: the excessive collection of personal data; the tracking of users’ web-browsing without their consent; and a lack of security and confidentiality of users’ data. Since then, Microsoft has addressed each issue to CNIL’s satisfaction.

On the first, Microsoft has reduced the amount of data it collects by nearly half. “it has restricted its collection to the sole data strictly necessary for maintaining the proper functioning of its operating system and applications, and for ensuring their security,” notes CNIL.

On the second concern, Microsoft now makes it clear that an advertising ID is intended to track web-browsing in order to offer personalized advertising. This now has to be activated or deactivated at installation, and users can reverse the choice at any time.

Over security concerns, Microsoft “has strengthened the robustness of the PIN code allowing users to authenticate to all company’s online services, and more specifically to their Microsoft account,” notes CNIL: “too common PIN code combinations are now forbidden.”

Microsoft has also addressed the other injunctions within the formal notice. It has inserted the information required under Article 32 of the French Data Protection Act; it has requested CNIL authorization for its processing of personal data; it has joined Privacy Shield; and it has ceased placing advertising cookies without obtaining users’ consent.

“The Chair of the CNIL has considered that the company had complied with the French Data Protection Act and has therefore decided to proceed to the closing of the formal notice,” says the CNIL announcement.

Given the size of the sanctions that will become available to CNIL when the GDPR comes into force in May 2018, it is probably a wise move by Microsoft to get compliance sorted now.

Written By

Click to comment

Expert Insights

Related Content

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...


Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...