Microsoft’s new privacy rules allow it to share user data across services… yet no one seems to care

Earlier this year Google introduced a new, unified privacy policy that allows Google to pool user data across all its various services and use the data as if it belongs in one database. That privacy policy drew fire for many privacy advocates and, most notably, has been the focus of an investigation by the European Union. Last Friday, Oct 19, Microsoft made a change to its Services Agreement that allows Microsoft to do essentially the same thing as Google. Yet the internet is relatively quiet over the issue.

The update to the Services Agreement allows Microsoft to take user data from one of its online services, such as Hotmail, and use that data to improve another service, such as Bing. This change applies only to Microsoft’s online services (such as Hotmail,, Windows Live Messanger, Bing, etc.) — not Microsoft software like Microsoft Office, Windows, and Internet Explorer.

Prior to this change, Microsoft was unable to share user data across its different services.

Microsoft pledges that it will not use collated data to serve targeted ads. However, as some privacy advocates point out, Microsoft’s promise is not formally incorporated in the Services Agreement — it is only mentioned in blog posts made and emails sent by Microsoft. In other words, legally speaking, Microsoft’s Services Agreement does not restrict Microsoft from using pooled data to serve ads.

It should also be noted Microsoft is not saying that it will not serve targeted ads at all. Rather, Microsoft is saying it won’t serve targeted ads based on data pooled from other services. So, for example, Microsoft will still continue to serve targeted ads on Bing using your data it got from Bing but not your data it got from Hotmail.

To make matters even more confusing, as Microsoft spokesman Jack Evans points out, Microsoft actually has a whole separate Privacy Policy which is different than the Services Agreement — but the two obviously have some overlap. Combine the fact that Microsoft provides various different types of products (e.g. online vs offline) and Microsoft has multiple policies that seemingly overlap, it is very confusing for the end user to determine exactly what Microsoft is, and isn’t, doing in regards to user privacy.

For what it is worth, Evans says:

Over the years, we have consistently informed users that we may use their content to improve the services they receive. For instance, we analyze content to improve our spam and malware filters in order to keep customers safe. We also do it to develop new product features such as e-mail categorization to organize similar items like shipping receipts in a common folder, or to automatically add calendar invitations.

However, one thing we don’t do is use the content of our customers’ private communications and documents to create targeted advertising. If that ever changes, we’ll be the first to let our customers know.

A privacy watchdog, however, disagrees with Evans.

John Simpson is responsible for monitoring privacy policies for Consumer Watchdog, a nonprofit group based in California. He says, with this Services Agreement update, Microsoft is doing the same thing as what Google did:

What Microsoft is doing is no different from what Google did. It allows the combination of data across services in ways a user wouldn’t reasonably expect. Microsoft wants to be able to compile massive digital dossiers about users of its services and monetize them.

Who is right, who is wrong, and what exactly is happening to to your privacy when using Microsoft online services isn’t exactly clear. What is clear is that companies — which includes Microsoft and Google but is not limited to just these two — are more and more moving towards soft privacy stances as they try to generate new revenue streams in the name of growth and prosperity.

[via New York Times, image via sjsharktank]

Related Posts