Microsoft has been ordered to fix Windows 10 by a French regulator who believes that the company's latest operating system collects excessive amounts of personal data from its customers which it sends outside of the EU illegally and without user consent.
The warning was issued from the independent data privacy watchdog, the Commission Nationale de l'Informatique et des Libertés (CNIL). The CNIL has the power to issue hefty fines against companies and it has been investigating Windows 10 since it launched in July of last year.
The group has decided to out Microsoft publicly for the way it handles user data. In a statement issued on Wednesday, the CNIL, said: “The CNIL has decided to issue a formal notice to Microsoft Corporation to comply with the Act within three months.”
"The purpose of the notice is not to prohibit any advertising on the company's services but, rather, to enable users to make their choice freely, having been properly informed of their rights. It has been decided to make the formal notice public due to, among other reasons, the seriousness of the breaches and the number of individuals concerned."
The group has taken issue with the amount of user data that Windows 10 sends back to Microsoft. It was also shocked by the operating system's poor security. Though users create a four-digit pin to log in and buy apps from the company's store, there is no limit to how many times a pin can be entered, opening the system up to an attacker with the time or tools to try all of the pins possible to breach the system.
Microsoft's deputy general counsel, David Heiner responded to CNIL's claims, saying: “We built strong privacy protections into Windows 10, and we welcome feedback as we continually work to enhance those protections.
"We will work closely with the CNIL over the next few months to understand the agency's concerns fully and to work toward solutions that it will find acceptable.”
Image Credit: photogearch / shutterstock