PARIS, July 22 (UPI) — France’s data protection commission ordered Microsoft Corporation this week to make changes to data collection and security features of its new Microsoft 10 operating system.
A report by the government agency CNIL said Microsoft 10 stores data without the user’s consent on every downloaded app and charts the amount of time spent on each app. It also allows advertising identifiers to be installed by default, allowing Microsoft to obtain information about browsing and to send targeted advertising without the user’s consent. All these actions, CNIL said, are violations of French data protection laws.
The agency also objected to Microsoft 10’s authentication methods, saying it offers unlimited attempts to enter a four-digit PIN, or personal identification number.
CNIL said Microsoft will be given three months to correct the problems before sanctions are imposed. French law allows fines of up to $1.65 million for collection and processing of user’s information without consent.
In a statement, Microsoft said it will address the issues. David Heiner, the company’s deputy general counsel, wrote, “We built strong privacy protections into Windows 10, and we welcome feedback as we continually work to enhance those protections. We will work closely with the CNIL over the next few months to understand the agency’s concerns fully and to work toward solutions that it will find acceptable.”