Posted by Martin Zinaich on July 23, 2016.
Just three days after my last post on Windows 10 privacy issues, The Chair of the National Data Protection Commission (CNIL) issued a formal notice on Microsoft Corporation to stop collecting excessive data. The formal notice gave Microsoft Corporation three months to comply with the French Data Protection Act.
The CNIL found that Microsoft was collecting diagnostic and usage data via its telemetry service and much of that data was not necessary to identify problems or to improve products. One has to wonder how to split the line between identifying problems and privacy invasion in the first place.
It also found that data is still being transferred outside the EU on a “safe harbor” basis. CNIL noted that this practice has not been possible since the decision issued by the Court of Justice of the European Union on 6th October 2015.
An Investigative Team utilized Windows 10 Home 1511 and Pro 1511 for research. Some of the findings include:
It seems the CNIL has thrown the book at Microsoft, citing:
And on the telemetry data grab they had this to say:
Submitted in: Martin Zinaich |
“[Microsoft] Breached the obligation to ensure that the data concerned are appropriate, relevant and not excessive.”