Google got into trouble with recent changes to its policies regarding the handling of user information, and now Microsoft seems to have caused some concern with similar changes. Should enterprises be concerned with Microsoft's new user information policies? Are there any lessons to be learned for enterprises on how to state exactly what data they collect?
Let me begin by answering your second question first, because there is a lesson to be learned from the way Google and Microsoft announced policy changes affecting user data. When it comes to data collection and data privacy, consumers need to be able to easily find and understand answers to the following questions:
- What data is collected?
- How is it collected?
- How will it be stored?
- Who will have access to it?
- How will it be used?
This information is usually covered in the relevant service agreement, be it for use of a website, software product or even a device, but it is regularly written in legalese, and the language is usually so broad and ambiguous that it appears to allow virtually any use of customers' personal information. While a service agreement is a legal document written with the intent to avoid the problems Google and Microsoft have experienced, companies should also attach an accompanying explanation written in plain English that a layperson can understand. Such a proactive measure would stop a lot of the confusion that inevitably occurs when a large enterprise announces changes to a widely used service.
It's naive to think that companies will offer free services without trying to monetize them.
Take, for example, the article in The New York Times reporting that Microsoft's updated services agreement gave the company broad leeway to collect and use personal information gleaned from consumers of its free, Web-based products. This prompted the co-chairman of the Congressional Bipartisan Privacy Caucus, U.S. Rep. Edward J. Markey, D-Ma., to write to Steve Ballmer, Microsoft's CEO, expressing concern about the policy. Microsoft was forced to change its new disclosure policy to tell consumers explicitly that it would not use personal information it collects from users of some Microsoft products to produce or promote targeted online advertising and released a statement saying, "One thing we don't do is use the content of our customers' private communications and documents to target advertising." This was a not-so-veiled jab at its competitor, Google, which does engage in that practice.
Dig Deeper on Data privacy issues and compliance
Related Q&A from Michael Cobb
WhatsApp vulnerabilities can enable hackers to bypass end-to-end encryption and spoof messages. Expert Michael Cobb explains how these attacks work ... Continue Reading
Disabling Google location tracking involves more than turning off Location History. Learn how to manage your account settings to stop tracking ... Continue Reading
Compared to TLS 1.2, TLS 1.3 saw improvements in security, performance and privacy. Learn how TLS 1.3 eliminated vulnerabilities using cryptographic ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.