The Chair of the National Data Protection Commission (CNIL) has ordered Microsoft Corporation to stop collecting excessive data and tracking web browsing of Windows 10 users without their consent. The data protection commission also wants the U.S. tech giant to take measures ensuring the security and confidentiality of user data. The commission found that the company is still transferring data to the U.S. under the “Safe Harbor” agreement that was invalidated by an EU court in October, The Verge reported.
CNIL: Microsoft Collecting Excessive Data
In a statement released Wednesday, the CNIL said that it carried out seven on-line observations in April and June this year. Other European data protection authorities formed a “contact group” to investigate Microsoft’s data collection practices following the release of Windows 10 last June.
The French organization said that it is issuing a formal notice due to the seriousness of the breaches and the number of individuals concerned. There are more than 10 million Windows users in France.
The organization said that the company was collecting diagnostic and usage data, which is not necessary for the operation of the service. The firm allows users to choose a four characters PIN to authenticate themselves for all its on-line services. But the number of attempts to enter the PIN is not limited, meaning that user data is not secure, the CNIL said.
The organization also found that an advertising ID is activated by default when Windows 10 is installed. This enables Windows apps to monitor browsing and offer targeted advertising without obtaining users’ consent. Microsoft Corporation is adding advertising cookies to users’ terminals without properly informing users.
According to the CNIL, Microsoft is sending its users’ personal data to the United States under “Safe Harbour” agreement, which was invalidated by the Court of Justice of the European Union in October 2015.
Microsoft Has 3 Months To Comply Orders
Microsoft has three months to comply with the Act. The organization noted that this proceedings only commits French Data protection authority. Other data protection authorities are continuing their investigations within their respective national procedures.
If Microsoft fail to comply, the commission’s chair may appoint an internal investigator, who may draw up a report proposing that the restricted committee issue a sanction against the company.
Microsoft vice president and deputy general counsel David Heiner told Reuters that the company will work with CNIL to develop “solutions that it will find acceptable.”
In other news, Microsoft Corporation reported its financial results for the fiscal fourth quarter ended June 30 on Tuesday, beating estimates on both the top and bottom lines. However, the tech giant posted a 9% decline in gaming revenue. Xbox’s hardware business isn’t performing well, with hardware revenue falling 33% compared to the same period last year. Xbox Live revenue jumped 4% during the quarter. The company’s Xbox Live online service officially crossed 44 million members.
The company’s pivotal cloud solution, Azure, raked in revenue growth of 102 percent. It helped push Microsoft’s quarterly turnover to $22.64 billion. “The Microsoft Cloud is seeing significant customer momentum and we’re well-positioned to reach new opportunities in the year ahead,” reports CEO Satya Nadella.