(Telecompaper) French data privacy agency Cnil has found Microsoft's Windows 10 OS in breach of French data protection law and has given the company three months to remedy its numerous failings. Following an investigation initiated earlier this year, Cnil has exposed a number of breaches relating to Windows 10 policies. These include the excessive collection of user data, the lack of security in one of the OS authentication systems, the presence of an advertising ID activated by default, the absence of information regarding the option to block cookies, and the practice of transferring personal data outside the EU on a 'safe harbour' basis. If Microsoft fails to comply with Cnil's requests within the given timescale, it can face sanctions under the French Data Protection Act.