French Regulators Say Windows 10 Now Conforms to Privacy Laws
- Paul Thurrott
- Jun 29, 2017
-
4
The French regulatory body Commission Nationale de l’Informatique et des Libertés (CNIL) announced this week that it is dropping its complaint against Windows 10 because of changes Microsoft has made to its data collection policies.
CNIL first complained about the privacy implications of Windows 10 data collection in mid-2016, about one year into the operating system’s lifetime. At that time, it demanded that Microsoft alter Windows 10 to come into compliance with French data protection laws, and it threatened to fine the firm for ongoing violations.
Windows Intelligence In Your Inbox
Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!
"*" indicates required fields
After finally explaining that Windows 10 wasn’t actually violating anyone’s privacy, Microsoft did work to correct these overblown issues in the Creators Update. And in doing so, it delivered a win to privacy advocates.
Also, it worked on the regulators.
“The President of the CNIL considers that the company has complied with the law and thus decided to proceed with the closure of the formal notice procedure,” a CNIL statement reads. “Microsoft has taken steps to comply with the injunctions of the formal notice.”
The CNIL was apparently swayed by what I call the “privacy theater” changes that Microsoft made in Windows 10 Setup, where it forces users to make several choices related to data collection. If the user turns off all those switches, Windows 10 moves into a “base” data collection mode that apparently satisfies French demands for privacy.
According to the CNIL, Microsoft has reduced the volume of data collected under the “base” level of its telemetry service in Windows 10 by nearly half. Now, it only collects data that is “strictly necessary to maintain the system and applications in good working order and to ensure their safety.” It’s unclear what Microsoft was collecting previously.
Likewise, the CNIL likes the “clear and precise” messaging about privacy that Windows 10 delivers to users. They cannot finish setting up Windows 10 without making privacy choices, and they can change those choices at any time. (This is, in fact, no different from the original versions of Windows 10, but whatever.)
Finally, the CNIL cited improvements to Windows 10 security, which is rather bizarre, as I’m not aware of any changes there that are relevant to privacy. (It looks like they’re referring to changes to Microsoft’s two-step authentication functionality, which isn’t strictly a Windows 10 feature.)
Conversation 4 comments
-
chump2010
<p>According to the CNIL, Microsoft has reduced the volume of data collected under the “base” level of its telemetry service in Windows 10 by nearly half. Now, it only collects data that is “strictly necessary to maintain the system and applications in good working order and to ensure their safety.” It’s unclear what Microsoft was collecting previously.</p><p><br></p><p><br></p><p>This says it all. If Microsoft have reduced the volume of telemetry by half, then maybe they were collecting more than was neccessary. Clearly you don't know EXACTLY what they were collecting and Microsoft never said what they were collecting other than the usual its what we need. </p><p><br></p><p>So maybe they have reduced the amount they are collecting to a strictly necessary amount. Of course maybe I am wrong. Maybe you have seen a log of exactly what they are collecting and what information is being sent out at a base level for the original windows 10. If Microsoft had published that – a typical grab of what they collect from user X then everyone would be happy. They did not and therefore the only reason must be because they were collecting too much stuff.</p><p><br></p><p><br></p>