On Wednesday, June 11, Microsoft announced that it was going to implement a new, simplified privacy and services policy that would emphasize that the company does not snoop on email or Skype calls to sell ads.
The new policy is set to take effect on July 31. At that time, use of Microsoft’s services will constitute opting into the agreement. If you want to opt out, you’ll need to stop using the services or close your account.
No Targeted Ads? Not so fast…
Microsoft made it clear that – at least for advertising purposes – it does not tap into private communications. The company commented:
“As part of our ongoing commitment to respecting your privacy, we have updated the Microsoft Services Agreement to state that we do not use what you say in email, chat, video calls, or voice mail to target advertising to you. Nor do we use your documents, photos, or other personal files to target advertising to you.”
We shouldn’t assume that Microsoft has washed its hands of collecting user data. Actually, the policy makes it clear that Microsoft may ask for personal information when you sign up for a service, including name and location.
Users can also provide implicit consent to Microsoft’s recording of voices and other content to improve services. The new policy states: “… you may provide content – your communications and your files – while using our sites and services. Content includes the words in an email in Outlook.com or the photos and documents stored on OneDrive.”
Note that if Microsoft doesn’t get the information it wants directly, it can always purchase what it wants from a third-party source. This isn’t new; Microsoft already uses your information to improve its services. It also uses that information to provide targeted ads – the more information an advertiser knows about a user, the more interesting the ad will seem.
There’s just one catch, users must log in at least once a year. Those who fail to log into their Microsoft account once a year will have their account terminated and all or most of the data associated with it will be lost. According to its updated services agreement:
“You must sign into your Microsoft account periodically, at minimum every year, to keep services associated with your Microsoft account active, unless provided otherwise in an offer for a paid portion of the Services. If you don’t sign in during this period, we will close your account… If your Services are canceled, we will delete information or Content… associated with your Microsoft account, or will otherwise disassociate it from you and your Microsoft account, unless the law requires us to keep it.”
It’s possible that logging into your Windows PC or an app will count as signing into your account. This might mean that most Windows users won’t have to worry about this requirement. For the time being, there’s no clear mechanism for opting out of Microsoft’s data collection practices, other than terminating your account and discontinuing to use Microsoft’s services. There’s no indication that Microsoft is necessarily expanding its data collection practices either.
Microsoft’s new simplified privacy and services policy will come into effect July 31, 2014.
CIPP Exam Preparation
In preparation for the Certified Information Privacy Professional/Information Technology (CIPP/IT) exam, a privacy professional should be comfortable with topics related to this post, including:
- Privacy expectations (II.A.)
- Privacy by policy (III.B.)