Microsoft has halved data it collects from Windows 10 users, says French privacy regulator

[Batu69]

Last summer, France's data protection commissioner, CNIL, criticized Microsoft for collecting an excessive amount of user data on Windows 10 PCs, and publicly ordered the company to "comply with the law within a period of three months."

 

Today, CNIL issued a public statement, saying that it is satisfied with Microsoft's efforts to address those criticisms in accordance with the country's 'computing and freedoms' laws, and has ended its "procedure of formal notice" against the company.

 

The data protection watchdog said that Microsoft "has reduced by almost half the volume of data collected under the "basic level" of its telemetry service", and that it now limits its collection of data to the bare minimums required "to maintain the system and applications in good working order and to ensure users safety."

 

Earlier this year, Microsoft introduced a range of privacy changes to improve the transparency of its data collection on Windows 10, and to give users greater control over the amount and types of data that they're willing to share with the company. These changes included a new online privacy dashboard, and a revised Windows 10 setup experience with clearer explanations of its data collection practices.

 

CNIL also highlighted other improvements that Microsoft has made to address its concerns. It said that Microsoft has:

• inserted references to information in line with article 32 of the "computing and freedom" law;
• completed applications with the CNIL for its treatments of combating fraud;
• joined the Privacy Shield to govern international transfers of personal data;
• put an end to the deposit of cookies without prior collection of the consent of users for many of its Windows 10 web sites, and is committed to do for all before September 30, 2017.

While CNIL considers the matter resolved, Microsoft's data collection activities in Windows 10 apparently remain under the scrutiny of the Article 29 Working Party, a group formed of representatives from data and privacy regulators in each of the European Union's member states.

 

That group raised fresh concerns about Windows 10 data collection in February, saying that Microsoft "should clearly explain what kinds of personal data are processed for what purposes. Without such information, consent cannot be informed, and therefore, not valid."  Source: CNIL via TechRepublic

 

Article source

[steven36]

 

Quote

 

French Regulators Say Windows 10 Now Conforms to Privacy Laws

 

 

The French regulatory body Commission Nationale de l’Informatique et des Libertés (CNIL) announced this week that it is dropping its complaint against Windows 10 because of changes Microsoft has made to its data collection policies.

 

CNIL first complained about the privacy implications of Windows 10 data collection in mid-2016, about one year into the operating system’s lifetime. At that time, it demanded that Microsoft alter Windows 10 to come into compliance with French data protection laws, and it threatened to fine the firm for ongoing violations.

 

After finally explaining that Windows 10 wasn’t actually violating anyone’s privacy, Microsoft did work to correct these overblown issues in the Creators Update. And in doing so, it delivered a win to privacy advocates.

 

Also, it worked on the regulators.

“The President of the CNIL considers that the company has complied with the law and thus decided to proceed with the closure of the formal notice procedure,” a CNIL statement reads. “Microsoft has taken steps to comply with the injunctions of the formal notice.”

 

The CNIL was apparently swayed by what I call the “privacy theater” changes that Microsoft made in Windows 10 Setup, where it forces users to make several choices related to data collection. If the user turns off all those switches, Windows 10 moves into a “base” data collection mode that apparently satisfies French demands for privacy.

 

According to the CNIL, Microsoft has reduced the volume of data collected under the “base” level of its telemetry service in Windows 10 by nearly half. Now, it only collects data that is “strictly necessary to maintain the system and applications in good working order and to ensure their safety.” It’s unclear what Microsoft was collecting previously.

 

Likewise, the CNIL likes the “clear and precise” messaging about privacy that Windows 10 delivers to users. They cannot finish setting up Windows 10 without making privacy choices, and they can change those choices at any time. (This is, in fact, no different from the original versions of Windows 10, but whatever.)

 

Finally, the CNIL cited improvements to Windows 10 security, which is rather bizarre, as I’m not aware of any changes there that are relevant to privacy. (It looks like they’re referring to changes to Microsoft’s two-step authentication functionality, which isn’t strictly a Windows 10 feature.)

 

 By Paul Thurrott

https://www.thurrott.com/windows/windows-10/120573/french-regulators-say-windows-10-now-conforms-privacy-laws