Feeds

EU launches formal Microsoft privacy policy probe

Wants proof that Redmond's terms are better than Google's

Secure remote control for conventional and virtual desktops

The European Union has opened a formal investigation into whether recent changes to Microsoft's Services Agreement are in violation of EU data privacy law.

Privacy regulators informed the software giant of the probe in a letter sent to Microsoft CEO Steve Ballmer and the head of the company's Luxembourg division, dated December 17, Bloomberg reports.

"Given the wide range of services you offer, and popularity of these services, changes in your Services Agreement and the linked Privacy Policy may affect many individuals in most or all of the EU member states," Jacob Kohnstamm, head of the privacy watchdog Article 29 Working Party, wrote in the brief letter.

The tweaks to Microsoft's terms of service took effect on October 19 and were met with surprisingly little furor at the time, considering that they were substantially similar to the earlier policy changes that swiftly landed Google in hot water with regulators on both sides of the Atlantic.

The revised Microsoft Services Agreement here seems to take a fairly broad view of what Redmond can do with the data stored on its servers:

When you upload your content to the services, you agree that it may be used, modified, adapted, saved, reproduced, distributed, and displayed to the extent necessary to protect you and to provide, protect and improve Microsoft products and services.

The older wording said Microsoft could make use of the data "solely to the extent necessary to provide the service." It's a subtle distinction, perhaps – and in fact, one that Microsoft claims doesn't exist at all.

"We're happy to answer any questions officials may have about recent changes to the Microsoft Services Agreement, which we've said previously do not alter our privacy policies," a Redmond rep told The Reg in an emailed statement.

Those comments echo what the company has been saying since October, when spokesman Jack Evans also said the "update" to the Services Agreement "did not alter" existing policies.

"Over the years, we have consistently informed users that we may use their content to improve the services they receive," Evans told The New York Times, citing spam filters and automated email categorization as two examples of features for which Microsoft analyzes content.

"One thing we don't do is use the content of our customers' private communications and documents to create targeted advertising," Evans said. "If that ever changes, we'll be the first to let our customers know."

But those reassurances don't seem to have convinced EU regulators, who have been examining the situation since shortly after the new terms took effect, seemingly with growing concern.

In October, Gerard Lommel, president of Luxembourg's data protection commission told Bloomberg, "This investigation is not at the same level as the probe concerning Google was a few months ago when it changed its privacy policy, where clear privacy issues had been identified."

Regulators led by Luxembourg and France now seem to have altered their stance somewhat, having informed Microsoft that they have "decided to check the possible consequences for the protection of the personal data of these individuals in a coordinated procedure."

No time frame for the probe has been given.

Of course, such an investigation does not in and of itself imply that the EU will take any further action. But EU regulators have been harshly critical of Google's similarly broad data sharing policy, and in October they issued a letter signed by representatives of 27 countries, demanding that the search giant clarify its terms and provide more opt-out options.

No fines have yet been discussed in that case, however, and regulators have not accused the Chocolate Factory of breaking the law. Google is reportedly mulling its next steps. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Bono apologises for iTunes album dump
Megalomania, generosity and FEAR of irrelevance drove group to Apple deal
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
10 Top Tips For PRs Considering Whether To Phone The Register
You'll Read These And LOL Even Though They're Serious
Stop ROBOT exploitation, cry striking Foxconn workers
HP downturn and automation eroding overtime on China's production lines
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.