French Regulators Say Windows 10 Now Conforms to Privacy Laws

Posted on June 29, 2017 by Paul Thurrott in Windows 10 with 4 Comments

French Regulators Say Windows 10 Now Conforms to Privacy Laws

The French regulatory body Commission Nationale de l’Informatique et des Libertés (CNIL) announced this week that it is dropping its complaint against Windows 10 because of changes Microsoft has made to its data collection policies.

CNIL first complained about the privacy implications of Windows 10 data collection in mid-2016, about one year into the operating system’s lifetime. At that time, it demanded that Microsoft alter Windows 10 to come into compliance with French data protection laws, and it threatened to fine the firm for ongoing violations.

After finally explaining that Windows 10 wasn’t actually violating anyone’s privacy, Microsoft did work to correct these overblown issues in the Creators Update. And in doing so, it delivered a win to privacy advocates.

Also, it worked on the regulators.

“The President of the CNIL considers that the company has complied with the law and thus decided to proceed with the closure of the formal notice procedure,” a CNIL statement reads. “Microsoft has taken steps to comply with the injunctions of the formal notice.”

The CNIL was apparently swayed by what I call the “privacy theater” changes that Microsoft made in Windows 10 Setup, where it forces users to make several choices related to data collection. If the user turns off all those switches, Windows 10 moves into a “base” data collection mode that apparently satisfies French demands for privacy.

According to the CNIL, Microsoft has reduced the volume of data collected under the “base” level of its telemetry service in Windows 10 by nearly half. Now, it only collects data that is “strictly necessary to maintain the system and applications in good working order and to ensure their safety.” It’s unclear what Microsoft was collecting previously.

Likewise, the CNIL likes the “clear and precise” messaging about privacy that Windows 10 delivers to users. They cannot finish setting up Windows 10 without making privacy choices, and they can change those choices at any time. (This is, in fact, no different from the original versions of Windows 10, but whatever.)

Finally, the CNIL cited improvements to Windows 10 security, which is rather bizarre, as I’m not aware of any changes there that are relevant to privacy. (It looks like they’re referring to changes to Microsoft’s two-step authentication functionality, which isn’t strictly a Windows 10 feature.)

 

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register
Comments (4)

4 responses to “French Regulators Say Windows 10 Now Conforms to Privacy Laws”

  1. Tony Barrett

    Having actually used this new installer with the revised privacy settings, I can honestly say it's not much different in content - it's just worded differently. You still need to ready everything very carefully, and it's all still opt-out, so everything is enabled by default. I guess it's got Microsoft off the hook - for now (in France at least).

  2. chaad_losan

    In the land of the blind, the one eyed man is king.

  3. MutualCore

    iOS Privacy is more transparent in their Privacy-->Analytics page. You can turn off Analytics altogether with one switch.

  4. chump2010

    According to the CNIL, Microsoft has reduced the volume of data collected under the “base” level of its telemetry service in Windows 10 by nearly half. Now, it only collects data that is “strictly necessary to maintain the system and applications in good working order and to ensure their safety.” It’s unclear what Microsoft was collecting previously.



    This says it all. If Microsoft have reduced the volume of telemetry by half, then maybe they were collecting more than was neccessary. Clearly you don't know EXACTLY what they were collecting and Microsoft never said what they were collecting other than the usual its what we need.


    So maybe they have reduced the amount they are collecting to a strictly necessary amount. Of course maybe I am wrong. Maybe you have seen a log of exactly what they are collecting and what information is being sent out at a base level for the original windows 10. If Microsoft had published that - a typical grab of what they collect from user X then everyone would be happy. They did not and therefore the only reason must be because they were collecting too much stuff.



Leave a Reply