The severe crop CNIL about Windows 10 does not go unnoticed, far beyond the French borders. Recall that the Commission Nationale Informatique and Freedoms has formally Redmond about an “over-collection” of data through Windows 10.
For starters, Windows telemetry service under 10 fire from critics for many months engaged in excessive gathering information, collecting usage data from Windows applications and Windows Store that are not needed for its operation estimated CNIL. The authority also points to a security breach at the 4-digit PIN used to secure access to online services and Microsoft account. “The number of attempts to enter this PIN is not limited, which does not ensure the security and confidentiality of user data”.
CNIL also denounced the presence of “advertising ID” on by default when installing Windows 10, which serves to push targeted advertisements without prior consent of the users. Similarly, “the Company files on devices of users advertising cookies, without having properly informed prior to or given the opportunity to oppose it.”
Finally, Microsoft has pointed to the transfer of personal data of its customers to the United States under the Safe Harbor which recalls the CNIL,” is no longer possible since the decision of the Court of EU Justice of 6 October 2015 “.
Dialogue of the deaf
Consequently, Microsoft has three months to come into compliance with the law on these points. Otherwise, the publisher is exposed to the opening of a procedure which may lead to a sanction and a fine.
Microsoft could not react but not as often the answer is terse and meager explanations. David Heiner, Microsoft vice president and deputy general counsel said: “We have established strong confidentiality protections in Windows 10, and we consider any return allowing us to improve those protections We will work in close. collaboration with the CNIL in the coming months in order to understand the agency’s concerns and work on solutions that will find acceptable. “. Move along, there’s nothing to see.
However Recall that the firm has repeatedly expressed on the subject of telemetry. Last November, told PCWorld, vice president of Microsoft, Joe Belfiore, emphasized: it is not personal data but information related to the use of the system and its performance. The telemetry did so back to Microsoft data on crashes or malfunctions.
The collections on personal data can they be deactivated and concerns related to the protection of privacy are well taken into account, considered the leader of the American publisher.
“We think these things have to do with the health system, and are not personal information or are not relevant to life private “commented the official. One way to justify the lack of option to opt-out.
Even tone from the head of the Windows division, Terry Myerson. The latter already ensured that no data identifying the user was collected via the telemetry service.
“We collect a limited amount of information,” wrote the senior manager. “This includes data as an anonymous ID terminal, the device type, and application crash data that Microsoft and its developer partners use to continually improve application stability.”
But above all, he added, telemetry excludes data relating to content or user files. And “we take several steps to avoid collecting any information that directly identifies you, including your name, email address or account number.”
Data protection is an industrial choice, defended Microsoft 2014 to ZDNet.fr. One way for the publisher to differentiate itself from its rivals, especially Google.
The decision of the CNIL and Microsoft’s formal do not lead to the same conclusion. In its privacy statement, the publisher specifies the nature of the data collected when telemetry is configured as a level “basic”.
Now, to the French regulator, it “appears that many of these data are not directly necessary for the operation of the operating system.” This one even considers that the existence of a fourth level setting, limited to certain editions of Windows, confirms “that the majority of data included in the basic level is not essential to the operation of the service”.
also read on the subject:
User information and Windows 10 – the “industrial choices” multiple failures of Microsoft
Windows 10, telemetry secrets: where, when, and why Microsoft collects your data
Windows 10 and telemetry: a simple network analysis to shed light
Windows 10: no, Microsoft does not intend to change the privacy settings
No comments:
Post a Comment