Google got into trouble with recent changes to its policies regarding the handling of user information, and now...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Microsoft seems to have caused some concern with similar changes. Should enterprises be concerned with Microsoft's new user information policies? Are there any lessons to be learned for enterprises on how to state exactly what data they collect?
Let me begin by answering your second question first, because there is a lesson to be learned from the way Google and Microsoft announced policy changes affecting user data. When it comes to data collection and data privacy, consumers need to be able to easily find and understand answers to the following questions:
- What data is collected?
- How is it collected?
- How will it be stored?
- Who will have access to it?
- How will it be used?
This information is usually covered in the relevant service agreement, be it for use of a website, software product or even a device, but it is regularly written in legalese, and the language is usually so broad and ambiguous that it appears to allow virtually any use of customers' personal information. While a service agreement is a legal document written with the intent to avoid the problems Google and Microsoft have experienced, companies should also attach an accompanying explanation written in plain English that a layperson can understand. Such a proactive measure would stop a lot of the confusion that inevitably occurs when a large enterprise announces changes to a widely used service.
It's naive to think that companies will offer free services without trying to monetize them.
Take, for example, the article in The New York Times reporting that Microsoft's updated services agreement gave the company broad leeway to collect and use personal information gleaned from consumers of its free, Web-based products. This prompted the co-chairman of the Congressional Bipartisan Privacy Caucus, U.S. Rep. Edward J. Markey, D-Ma., to write to Steve Ballmer, Microsoft's CEO, expressing concern about the policy. Microsoft was forced to change its new disclosure policy to tell consumers explicitly that it would not use personal information it collects from users of some Microsoft products to produce or promote targeted online advertising and released a statement saying, "One thing we don't do is use the content of our customers' private communications and documents to target advertising." This was a not-so-veiled jab at its competitor, Google, which does engage in that practice.
Dig Deeper on Data Privacy and Protection
Related Q&A from Michael Cobb
A privacy breach at ClixSense led to user account details being put up for sale. Expert Michael Cobb explains how companies should be held ...continue reading
A password-verification flaw in iOS 10 allowed attackers to decrypt local backups. Expert Michael Cobb explains how removing certain security checks ...continue reading
HTTP public key pinning, a security mechanism to prevent fraudulent certificates, was not used by Firefox, and left it open to attack. Expert Michael...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.