Microsoft Releases a New Privacy Policy

On Wednesday, June 11, Microsoft announced that it was going to implement a new, simplified privacy and services policy that would emphasize that the company does not snoop on email or Skype calls to sell ads.

The updated privacy policy has been posted online so that users may take a look at what the company does, what kind of information it collects from users and for what purposes. Microsoft said that it simplified the agreement, while trying to bring forward the important details that users care about. The related Microsoft Services Agreement applies to all of Microsoft’s services, from to Office to OneDrive.

The new policy is set to take effect on July 31. At that time, use of Microsoft’s services will constitute opting into the agreement. If you want to opt out, you’ll need to stop using the services or close your account.

No Targeted Ads? Not so fast…

Microsoft made it clear that – at least for advertising purposes – it does not tap into private communications. The company commented:

“As part of our ongoing commitment to respecting your privacy, we have updated the Microsoft Services Agreement to state that we do not use what you say in email, chat, video calls, or voice mail to target advertising to you. Nor do we use your documents, photos, or other personal files to target advertising to you.”

While the tech giant didn’t refer to Google or any other competitor, the message sent was clear. While its rivals may sell ads against users’ content, Microsoft does no such thing. Back in 2012, Google consolidated its privacy policy as well, sharing information to provide a more cohesive and complete profile of its users. US and European lawmakers were in an uproar, accusing the company of collecting information without consent, without enough provisions for users to opt out.

We shouldn’t assume that Microsoft has washed its hands of collecting user data. Actually, the policy makes it clear that Microsoft may ask for personal information when you sign up for a service, including name and location.

Users can also provide implicit consent to Microsoft’s recording of voices and other content to improve services. The new policy states: “… you may provide content – your communications and your files – while using our sites and services. Content includes the words in an email in or the photos and documents stored on OneDrive.”

Note that if Microsoft doesn’t get the information it wants directly, it can always purchase what it wants from a third-party source. This isn’t new; Microsoft already uses your information to improve its services. It also uses that information to provide targeted ads – the more information an advertiser knows about a user, the more interesting the ad will seem.

This closely follows what happened earlier this year, where a court ordered the company to disclose the contents of a user’s email. In its updated privacy policy, Microsoft made it clear that it would not examine the contents of user emails, even if the user may be engaged in suspicious activity. The company said it would refer the matter to law enforcement.

One Catch

There’s just one catch, users must log in at least once a year. Those who fail to log into their Microsoft account once a year will have their account terminated and all or most of the data associated with it will be lost. According to its updated services agreement:

“You must sign into your Microsoft account periodically, at minimum every year, to keep services associated with your Microsoft account active, unless provided otherwise in an offer for a paid portion of the Services. If you don’t sign in during this period, we will close your account… If your Services are canceled, we will delete information or Content… associated with your Microsoft account, or will otherwise disassociate it from you and your Microsoft account, unless the law requires us to keep it.”

It’s possible that logging into your Windows PC or an app will count as signing into your account. This might mean that most Windows users won’t have to worry about this requirement. For the time being, there’s no clear mechanism for opting out of Microsoft’s data collection practices, other than terminating your account and discontinuing to use Microsoft’s services. There’s no indication that Microsoft is necessarily expanding its data collection practices either.


Microsoft’s new simplified privacy and services policy will come into effect July 31, 2014.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/Information Technology (CIPP/IT) exam, a privacy professional should be comfortable with topics related to this post, including:

  • Privacy expectations (II.A.)
  • Privacy by policy (III.B.)

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>