France's National Data Protection Commission said in a statement it had given Microsoft three months to comply with the French Data Protection Act to ensure user data security and confidentiality France on Wednesday said it had served formal notice on Microsoft to stop collecting what it deems excessive data and tracking browsing by users without their consent on civil liberty grounds.
France's National Data Protection Commission (CNIL) said in a statement it had given the US computing giant three months to comply with the French Data Protection Act to ensure user data security and confidentiality.
CNIL made the demand after Microsoft launched its latest Windows 10 operating system a year ago, saying media and political groups had brought the issue to its attention.
The body added it had undertaken seven "on-line observations" to determine the extent of the problem and questioned Microsoft Corporation on its privacy policy to see if Windows 10 fully complied with French data protection legislation.
The French indicated those investigations "revealed many failures" including collection of "irrelevant or excessive (user) data".
The CNIL also criticised Microsoft for allowing users to choose a four character PIN number to authenticate access to on-line services, but without limiting the number of attempts to enter the correct code, something the French deemed liable to hit data and personal security.
The French also decried Windows 10's use of targeted advertising without first obtaining the consent of users and the absence of a means to block cookies.
"The company puts advertising cookies on users' terminals without properly informing them of this in advance or enabling them to oppose this," said the CNIL in a statement issued in French and English.
CNIL also said Microsoft was still transferring user data outside the European Union even though last October the European Court of Justice ruled on privacy grounds that the transfer of European citizens' data to the United States under the obsolete "safe harbour" basis was no longer valid.
The French body added that should Microsoft fail to comply with the formal notice CNIL would draw up a report on Data Protection Act breaches which could result in a 150,000 euros ($165,000) fine.
After the legal wrangle on handling web data between Europe and the United States the European Union earlier this month launched a controversial deal with Washington aimed at curbing government spying on EU citizens' personal internet data.
A new "Privacy Shield" sets out tough rules to prevent US intelligence agencies accessing Europeans' data, with companies facing penalties if they do not meet European standards of protection.
But critics say the new arrangements do not go far enough and will face legal challenges.
Explore further: Google appeals French fine as data privacy row continues