Problem solve Get help with specific problems with your technologies, process and projects.

Microsoft services agreement changes: What other enterprises can learn

Should enterprises be concerned about Microsoft services agreement changes after the Google privacy policy fiasco? Expert Michael Cobb discusses.

Google got into trouble with recent changes to its policies regarding the handling of user information, and now Microsoft seems to have caused some concern with similar changes. Should enterprises be concerned with Microsoft's new user information policies? Are there any lessons to be learned for enterprises on how to state exactly what data they collect?

Let me begin by answering your second question first, because there is a lesson to be learned from the way Google and Microsoft announced policy changes affecting user data. When it comes to data collection and data privacy, consumers need to be able to easily find and understand answers to the following questions:

  • What data is collected?
  • How is it collected?
  • How will it be stored?
  • Who will have access to it?
  • How will it be used?

This information is usually covered in the relevant service agreement, be it for use of a website, software product or even a device, but it is regularly written in legalese, and the language is usually so broad and ambiguous that it appears to allow virtually any use of customers' personal information. While a service agreement is a legal document written with the intent to avoid the problems Google and Microsoft have experienced, companies should also attach an accompanying explanation written in plain English that a layperson can understand. Such a proactive measure would stop a lot of the confusion that inevitably occurs when a large enterprise announces changes to a widely used service.

It's naive to think that companies will offer free services without trying to monetize them.

Take, for example, the article in The New York Times reporting that Microsoft's updated services agreement gave the company broad leeway to collect and use personal information gleaned from consumers of its free, Web-based products. This prompted the co-chairman of the Congressional Bipartisan Privacy Caucus, U.S. Rep. Edward J. Markey, D-Ma., to write to Steve Ballmer, Microsoft's CEO, expressing concern about the policy. Microsoft was forced to change its new disclosure policy to tell consumers explicitly that it would not use personal information it collects from users of some Microsoft products to produce or promote targeted online advertising and released a statement saying, "One thing we don't do is use the content of our customers' private communications and documents to target advertising." This was a not-so-veiled jab at its competitor, Google, which does engage in that practice.

Industry watchers and consumer groups may not like a vendor or service provider's privacy policy, but if the policy is clear and data is used within the confines of the law, then it's less likely to be accused of being misleading or concealing underhanded practices. Negative press and loss of business may force a change, though, which brings us back to your first question on whether enterprises should be concerned with Microsoft's new user information policies.

The Microsoft services agreement changes mainly affect its free Web-based products, such as Hotmail and Outlook.com, but not the desktop version of Outlook. Like Google, Microsoft is looking to analyze customer data from one product and use it to improve another. Google attracted widespread criticism when it revised its privacy policy to allow information sharing across its product lines, but it's naive to think that companies will offer free services without trying to monetize them. Also, analysis of customer content is often necessary to avoid copyright infringement and other legal violations, and to improve spam and malware filters. Systems that store or process sensitive enterprise data should not be used to browse the Web or access any free service that collects data in any way. Certain departments in an enterprise may have to use separate desktops for Internet activity, but that is the price paid for a free service.

This was last published in March 2013

Dig Deeper on Data privacy issues and compliance

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.