By a deliberation dated July 12th, 2016, the CNIL decided to make public a formal notice No. 2016-058 of June 30th, 2016 taken against Microsoft.
“The bureau considers that the publicity of the decision to give formal notice is justified by the numerous shortcomings foundand the consequent infringement of the rights of the persons concerned, particularly with regard to the default activation of the advertising identifier of users without their prior consent, the excessive nature of the data collected by the company for telemetry and the lack of sufficient measures to ensure the security and confidentiality of the data. The company allowsusers to connect from their machine to all of its online services using a PIN code of at least four characters without any blocking mechanism after several unsuccessful attempts to authenticate“.
It also justified its decision to publish its decision to give notice’ as much by the status and size of the organization involved,[…] in the marketing of operating systems and software, as by the number of people concerned by its processing (more than ten million users in […] the country).