Feeds

EU launches formal Microsoft privacy policy probe

Wants proof that Redmond's terms are better than Google's

The Power of One Infographic

The European Union has opened a formal investigation into whether recent changes to Microsoft's Services Agreement are in violation of EU data privacy law.

Privacy regulators informed the software giant of the probe in a letter sent to Microsoft CEO Steve Ballmer and the head of the company's Luxembourg division, dated December 17, Bloomberg reports.

"Given the wide range of services you offer, and popularity of these services, changes in your Services Agreement and the linked Privacy Policy may affect many individuals in most or all of the EU member states," Jacob Kohnstamm, head of the privacy watchdog Article 29 Working Party, wrote in the brief letter.

The tweaks to Microsoft's terms of service took effect on October 19 and were met with surprisingly little furor at the time, considering that they were substantially similar to the earlier policy changes that swiftly landed Google in hot water with regulators on both sides of the Atlantic.

The revised Microsoft Services Agreement here seems to take a fairly broad view of what Redmond can do with the data stored on its servers:

When you upload your content to the services, you agree that it may be used, modified, adapted, saved, reproduced, distributed, and displayed to the extent necessary to protect you and to provide, protect and improve Microsoft products and services.

The older wording said Microsoft could make use of the data "solely to the extent necessary to provide the service." It's a subtle distinction, perhaps – and in fact, one that Microsoft claims doesn't exist at all.

"We're happy to answer any questions officials may have about recent changes to the Microsoft Services Agreement, which we've said previously do not alter our privacy policies," a Redmond rep told The Reg in an emailed statement.

Those comments echo what the company has been saying since October, when spokesman Jack Evans also said the "update" to the Services Agreement "did not alter" existing policies.

"Over the years, we have consistently informed users that we may use their content to improve the services they receive," Evans told The New York Times, citing spam filters and automated email categorization as two examples of features for which Microsoft analyzes content.

"One thing we don't do is use the content of our customers' private communications and documents to create targeted advertising," Evans said. "If that ever changes, we'll be the first to let our customers know."

But those reassurances don't seem to have convinced EU regulators, who have been examining the situation since shortly after the new terms took effect, seemingly with growing concern.

In October, Gerard Lommel, president of Luxembourg's data protection commission told Bloomberg, "This investigation is not at the same level as the probe concerning Google was a few months ago when it changed its privacy policy, where clear privacy issues had been identified."

Regulators led by Luxembourg and France now seem to have altered their stance somewhat, having informed Microsoft that they have "decided to check the possible consequences for the protection of the personal data of these individuals in a coordinated procedure."

No time frame for the probe has been given.

Of course, such an investigation does not in and of itself imply that the EU will take any further action. But EU regulators have been harshly critical of Google's similarly broad data sharing policy, and in October they issued a letter signed by representatives of 27 countries, demanding that the search giant clarify its terms and provide more opt-out options.

No fines have yet been discussed in that case, however, and regulators have not accused the Chocolate Factory of breaking the law. Google is reportedly mulling its next steps. ®

Boost IT visibility and business value

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.