Cybersecurity

French data authority dings Microsoft over info practices

The chair of the French data privacy authority is giving Microsoft a three-month ultimatum to get its practices in line.

Isabelle Falque-Pierrotin, who chairs the Commission Nationale de l’Informatique et des Libertés (CNIL), identified a host of data collection practices she says the software firm must correct in a “formal notice” announced Wednesday.

If Microsoft does not comply, the notice threatens that CNIL will appoint an investigator to determine whether sanctions against the company are in order.

CNIL points to Windows 10’s telemetry system, which sends data on how a computer is functioning back to Microsoft to improve the product. The French Data Protection Act bars collection of data that is irrelevant to the necessary functioning of a program, a rule CNIL says these telemetry reports violate.

The formal notice also flags Microsoft for not following rules about tracking users online, not abiding by European Union data storage rules, and using a PIN security scheme that does not limit the number of guesses an attacker can make to break into certain accounts.

At the time of this article, Microsoft had not responded to a request for comment.  
