Microsoft has been given a stern ticking off by France's National Data Protection Commission (CNIL) over what the regulator regards as "excessive" tracking of users in Windows 10.
CNIL has issued a stark warning to Microsoft, giving the company three months to comply with local laws or face the wrath of the French data protection authority.
Microsoft has been told to apply "satisfactory measures to ensure the security and confidentiality of user data" after government researchers found that the amount of data being collected is not only excessive, but in many cases irrelevant.
Going way beyond the parameters of 'Updategate', CNIL also criticised the lack of limits to attempts when guessing PINs, the lack of consent for advertiser tracking of IDs, insufficient cookie blocking options and the fact that data leaves EU borders.
"The purpose of the notice is not to prohibit any advertising on the company’s services, but rather to enable users to make their choice freely, having been properly informed of their rights," said CNIL in a statement.
"It has been decided to make the formal notice public due to, among other reasons, the seriousness of the breaches and the number of individuals concerned (more than 10 million Windows users on French territory)."
Microsoft has responded to the declaration with a statement to BetaNews from David Heiner, vice president and deputy general counsel at Microsoft.
"We built strong privacy protections into Windows 10 and we welcome feedback as we continually work to enhance those protections. We will work closely with the CNIL over the next few months to understand the agency's concerns fully and to work toward solutions that it will find acceptable," he said.
"The CNIL noted that the Safe Harbour framework is no longer valid for transferring data from the European Union to the US. We fully understand the importance of establishing a sound legal framework for transatlantic data transfers, and that is why Microsoft has been very supportive of the efforts on both sides of the Atlantic that led to last week's adoption of the Privacy Shield."
Microsoft comes up with a new way to foist its unloved and little used Edge web browser on people
Facebook suspends Cambridge Analytica following weekend claims that it illegally harvested information from 50 million users
Insider claims Cambridge Analytica used academic app to filch Facebook data of 50 million users
Is the Samsung Galaxy S9+ worth its high price?