Ramblings of an old Doc

 

France (in its uniquely…French manner) has awakened, and the questions we all asked regarding W10 and “privacy” concerns. MS was “served” on 7.16 to comply with the French Data Protection Act within 3 months…while MS is probably more concerned with how it’s going to cope with the rush of last minute upgraders to W10 and overwhelmed servers.

So, our oldest ally claims that “Microsoft's Windows 10 operating system is used for "collecting excessive data and tracking browsing by users without their consent". Additionally, the commission (CNIL) wants Microsoft to "ensure the security and confidentiality of user data" (gHacks).

By the way, does anyone else besides me find it weird that the country whose language gave us the word "voyeur" is claiming privacy concerns? Never mind, on with the post.

The French Working Group (CNIL) (to check up on MS privacy) went through their OS in 2 months and found the following issues which looks more like the summary of our concerns from months ago, actually, making me wonder if they actually checked anything:

  • Irrelevant or excessive data collected: CNIL states in its report that Microsoft is collecting data during operation that is not required "for the operation of the service". Microsoft collects Windows app and Windows Store usage data for instance, and there apps installed and time spend in apps. According to CNIL, this is not required for operation of the operating system.
  • Lack of Security: Windows 10 users who enable PIN protection may set a four digit PIN that is then used for authentication. This PIN provides access to the operating system including Windows Store account data. The operating system does not limit the number of attempts to enter the PIN.
  • Lack of individual consent: Windows 10 enables an advertising ID by default when the operating system is installed that may be used by apps, third-parties and Microsoft to "monitor user browsing and to offer targeted advertising without obtaining users' consent".
  • Lack of information and no option to block cookies: Microsoft places advertising cookies on users' "terminals" without "properly informing them of this in advance or enabling them to oppose this".
  • Data still being transferred outside EU on a "safe harbor" basis: Personal data is transferred to the United States on a "safe harbor" basis, but this should not be the case since "the decision issued by the Court of Justice of the European Union on 6th October 2015".

As for their “security concern”, turns out that is the 4 letter/digit PIN you can opt to use signing on. In reality, you can use a longer/more complex PIN but MS apparently hasn’t made it “abundantly clear” enough for French. That can be solved with an added sentence. Big deal.

Also, MS gives installation options that make the “individual consent” in the above irrelevant and simply nonsense, which leads me once again to question if, how and what level of expertise was required to sit on this CNIL Working Group? So… big deal: Make it “opt in” not “opt out”…and zillions of businesses make it “opt out”…customizing installation options could and probably should be offered in plain language. But is this really such a big deal?

The real big deal is that CNIL has given MS 3 months to work on these “issues” (i.e. revamp your OS). Non-compliance may result in sanctions.

Another point is that the data is "anonymized" (and everyone else does it as well), and that bit about data being transferred out of "Europe"? What nonsense. More attempts to limit free trade, and I'm sure a "fee" will be "acceptable" for this. 

Translated, this means there’s a little bird at the pond looking to wet its beak (as Vito Corleone put it). Don’t think this will cost MS a penny. It’ll be passed on to consumers in a myriad of ways…just as it always has been, and always will be.

That’s the real issue governments should be dealing with, not creating.

 

Source:

http://www.ghacks.net/2016/07/21/microsoft-in-hot-water-over-windows-10-privacy-in-france/


Comments
No one has commented on this article. Be the first!