The deficiencies included:
- excessive or irrelevant collection of data (i.e. telemetry);
- inadequate security with the PIN system used to secure users' accounts;
- the ability of Windows' and other parties’ apps to monitor user activity and offer targeted advertising without obtaining users’ consent;
- lack of information regarding, and no option to block, cookies; and
- continuing to transfer data outside the EU on a "safe harbour" basis, which violates an Oct. 2015 decision by the Court of Justice of the European Union.
Microsoft was given three months to address these issues, and at the time said that they were happy to work with the CNIL to work towards an acceptable solution. Again, that was in July, on the 21st.
That three-month deadline, Oct. 20th, has come and gone, without so much as a peep from either Microsoft or CNIL. So, what's happening?
That's not a rhetorical question; I'd really like to know. Because I've been googling "Microsoft CNIL" for a couple of weeks now, and... nothing. Is anyone in the actual journalism business asking this question of CNIL's press service, or of their own contacts inside CNIL? Because journalists are supposed to have some of those, aren't they? Why isn't any follow-up reporting being done on this story?