Feeds

EU launches formal Microsoft privacy policy probe

Wants proof that Redmond's terms are better than Google's

Top 5 reasons to deploy VMware with Tegile

The European Union has opened a formal investigation into whether recent changes to Microsoft's Services Agreement are in violation of EU data privacy law.

Privacy regulators informed the software giant of the probe in a letter sent to Microsoft CEO Steve Ballmer and the head of the company's Luxembourg division, dated December 17, Bloomberg reports.

"Given the wide range of services you offer, and popularity of these services, changes in your Services Agreement and the linked Privacy Policy may affect many individuals in most or all of the EU member states," Jacob Kohnstamm, head of the privacy watchdog Article 29 Working Party, wrote in the brief letter.

The tweaks to Microsoft's terms of service took effect on October 19 and were met with surprisingly little furor at the time, considering that they were substantially similar to the earlier policy changes that swiftly landed Google in hot water with regulators on both sides of the Atlantic.

The revised Microsoft Services Agreement here seems to take a fairly broad view of what Redmond can do with the data stored on its servers:

When you upload your content to the services, you agree that it may be used, modified, adapted, saved, reproduced, distributed, and displayed to the extent necessary to protect you and to provide, protect and improve Microsoft products and services.

The older wording said Microsoft could make use of the data "solely to the extent necessary to provide the service." It's a subtle distinction, perhaps – and in fact, one that Microsoft claims doesn't exist at all.

"We're happy to answer any questions officials may have about recent changes to the Microsoft Services Agreement, which we've said previously do not alter our privacy policies," a Redmond rep told The Reg in an emailed statement.

Those comments echo what the company has been saying since October, when spokesman Jack Evans also said the "update" to the Services Agreement "did not alter" existing policies.

"Over the years, we have consistently informed users that we may use their content to improve the services they receive," Evans told The New York Times, citing spam filters and automated email categorization as two examples of features for which Microsoft analyzes content.

"One thing we don't do is use the content of our customers' private communications and documents to create targeted advertising," Evans said. "If that ever changes, we'll be the first to let our customers know."

But those reassurances don't seem to have convinced EU regulators, who have been examining the situation since shortly after the new terms took effect, seemingly with growing concern.

In October, Gerard Lommel, president of Luxembourg's data protection commission told Bloomberg, "This investigation is not at the same level as the probe concerning Google was a few months ago when it changed its privacy policy, where clear privacy issues had been identified."

Regulators led by Luxembourg and France now seem to have altered their stance somewhat, having informed Microsoft that they have "decided to check the possible consequences for the protection of the personal data of these individuals in a coordinated procedure."

No time frame for the probe has been given.

Of course, such an investigation does not in and of itself imply that the EU will take any further action. But EU regulators have been harshly critical of Google's similarly broad data sharing policy, and in October they issued a letter signed by representatives of 27 countries, demanding that the search giant clarify its terms and provide more opt-out options.

No fines have yet been discussed in that case, however, and regulators have not accused the Chocolate Factory of breaking the law. Google is reportedly mulling its next steps. ®

Beginner's guide to SSL certificates

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
DOUBLE BONK: Testy fanbois catch Apple Pay picking pockets
Users wail as tapcash transactions are duplicated
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
In the next four weeks, 100 people will decide the future of the web
While America tucks into Thanksgiving turkey, the world will be taking over the net
Microsoft EU warns: If you have ties to the US, Feds can get your data
European corps can't afford to get complacent while American Big Biz battles Uncle Sam
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.