Google got into trouble with recent changes to its policies regarding the handling of user information, and now...
Microsoft seems to have caused some concern with similar changes. Should enterprises be concerned with Microsoft's new user information policies? Are there any lessons to be learned for enterprises on how to state exactly what data they collect?
Let me begin by answering your second question first, because there is a lesson to be learned from the way Google and Microsoft announced policy changes affecting user data. When it comes to data collection and data privacy, consumers need to be able to easily find and understand answers to the following questions:
- What data is collected?
- How is it collected?
- How will it be stored?
- Who will have access to it?
- How will it be used?
This information is usually covered in the relevant service agreement, be it for use of a website, software product or even a device, but it is regularly written in legalese, and the language is usually so broad and ambiguous that it appears to allow virtually any use of customers' personal information. While a service agreement is a legal document written with the intent to avoid the problems Google and Microsoft have experienced, companies should also attach an accompanying explanation written in plain English that a layperson can understand. Such a proactive measure would stop a lot of the confusion that inevitably occurs when a large enterprise announces changes to a widely used service.
It's naive to think that companies will offer free services without trying to monetize them.
Take, for example, the article in The New York Times reporting that Microsoft's updated services agreement gave the company broad leeway to collect and use personal information gleaned from consumers of its free, Web-based products. This prompted the co-chairman of the Congressional Bipartisan Privacy Caucus, U.S. Rep. Edward J. Markey, D-Ma., to write to Steve Ballmer, Microsoft's CEO, expressing concern about the policy. Microsoft was forced to change its new disclosure policy to tell consumers explicitly that it would not use personal information it collects from users of some Microsoft products to produce or promote targeted online advertising and released a statement saying, "One thing we don't do is use the content of our customers' private communications and documents to target advertising." This was a not-so-veiled jab at its competitor, Google, which does engage in that practice.
Dig Deeper on Data privacy issues and compliance
Related Q&A from Michael Cobb
Expert Michael Cobb details how to argue for a multistep secure code review process, like Microsoft SDL, and the pros of secure coding practices. Continue Reading
Researchers developed a tool to help prevent improper certificate pinning that causes security issues. Expert Michael Cobb reviews the issue and the ... Continue Reading
Google Project Zero discovered a WPAD attack that could target systems running Windows 10. Expert Michael Cobb explains how the attack works and how ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.