Microsoft has three months to revise its Windows 10 practices or it will be penalized in France.
Windows 10 has irked many users and observers and raised a number of security concerns since its launch, as it's believed to be the OS that spies most on its users. The French government has now raised another red flag, warning Microsoft that it will face consequences if it doesn't address Windows 10 security flaws and stop collecting user data without their consent.
France's Chair of the National Data Protection Commission (CNIL) issued an order this week, giving Microsoft three months to make changes to its OS or else face hefty fines. The CNIL says that the Windows Store collects user data without the user's permission on all downloaded applications, monitoring even the time spent on each app. Moreover, Windows 10 automatically installs an advertising identifier, enabling Microsoft to keep an eye on users' browsing to offer targeted ads. Users are not even aware of this, let alone consent to it.
Aside from violating laws that protect user data, the Windows Store also poses a security threat with its authentication method, the CNIL further points out. While users can authenticate their Microsoft accounts by setting a PIN code, the unlimited number of attempts to enter the correct PIN is a security risk that should be addressed.
Should Microsoft fail to address the CNIL's concerns and requests within three months of this order, it could face steep fines in the country. Data protection laws in France allow for financial sanctions of up to €1.5 million, which would translate to roughly $1.65 million based on current exchange rates.
CNIL will hold off on imposing fines for now, but will have no choice but to penalize Microsoft if the company doesn't take the necessary measures to improve its practices.
Microsoft, for its part, promised to look into the matter and collaborate with the CNIL to address privacy and security concerns.
"We built strong privacy protections into Windows 10, and we welcome feedback as we continually work to enhance those protections," says David Heiner, vice president and deputy general counsel at Microsoft.
"We will work closely with the CNIL over the next few months to understand the agency's concerns fully and to work toward solutions that it will find acceptable."
Concerns regarding Windows 10 data collection are nothing new, however, as Microsoft's practices with its latest OS have been questioned ever since the OS hit the market.
Microsoft addressed the matter last year, claiming that it only collects data necessary to improve the experience. Back in September 2015, for instance, the company said Windows 10 collects personalization data to customize the individual user experience with Cortana and telemetry data to help Microsoft understand how consumers are using Windows 10.
Nevertheless, Microsoft has been facing harsh criticism over its Windows 10 practices, including its aggressive push to get the OS on as many PCs as possible.
As a reminder, the deadline for getting Windows 10 as a free upgrade is July 29, after which the OS will be available for purchase. If you have yet to upgrade and the concerns regarding data collection, privacy and other aspects don't scare you off, you still have a week to take the plunge.