Feeds

EU launches formal Microsoft privacy policy probe

Wants proof that Redmond's terms are better than Google's

Next gen security for virtualised datacentres

The European Union has opened a formal investigation into whether recent changes to Microsoft's Services Agreement are in violation of EU data privacy law.

Privacy regulators informed the software giant of the probe in a letter sent to Microsoft CEO Steve Ballmer and the head of the company's Luxembourg division, dated December 17, Bloomberg reports.

"Given the wide range of services you offer, and popularity of these services, changes in your Services Agreement and the linked Privacy Policy may affect many individuals in most or all of the EU member states," Jacob Kohnstamm, head of the privacy watchdog Article 29 Working Party, wrote in the brief letter.

The tweaks to Microsoft's terms of service took effect on October 19 and were met with surprisingly little furor at the time, considering that they were substantially similar to the earlier policy changes that swiftly landed Google in hot water with regulators on both sides of the Atlantic.

The revised Microsoft Services Agreement here seems to take a fairly broad view of what Redmond can do with the data stored on its servers:

When you upload your content to the services, you agree that it may be used, modified, adapted, saved, reproduced, distributed, and displayed to the extent necessary to protect you and to provide, protect and improve Microsoft products and services.

The older wording said Microsoft could make use of the data "solely to the extent necessary to provide the service." It's a subtle distinction, perhaps – and in fact, one that Microsoft claims doesn't exist at all.

"We're happy to answer any questions officials may have about recent changes to the Microsoft Services Agreement, which we've said previously do not alter our privacy policies," a Redmond rep told The Reg in an emailed statement.

Those comments echo what the company has been saying since October, when spokesman Jack Evans also said the "update" to the Services Agreement "did not alter" existing policies.

"Over the years, we have consistently informed users that we may use their content to improve the services they receive," Evans told The New York Times, citing spam filters and automated email categorization as two examples of features for which Microsoft analyzes content.

"One thing we don't do is use the content of our customers' private communications and documents to create targeted advertising," Evans said. "If that ever changes, we'll be the first to let our customers know."

But those reassurances don't seem to have convinced EU regulators, who have been examining the situation since shortly after the new terms took effect, seemingly with growing concern.

In October, Gerard Lommel, president of Luxembourg's data protection commission told Bloomberg, "This investigation is not at the same level as the probe concerning Google was a few months ago when it changed its privacy policy, where clear privacy issues had been identified."

Regulators led by Luxembourg and France now seem to have altered their stance somewhat, having informed Microsoft that they have "decided to check the possible consequences for the protection of the personal data of these individuals in a coordinated procedure."

No time frame for the probe has been given.

Of course, such an investigation does not in and of itself imply that the EU will take any further action. But EU regulators have been harshly critical of Google's similarly broad data sharing policy, and in October they issued a letter signed by representatives of 27 countries, demanding that the search giant clarify its terms and provide more opt-out options.

No fines have yet been discussed in that case, however, and regulators have not accused the Chocolate Factory of breaking the law. Google is reportedly mulling its next steps. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
And now a message from our sponsors: 'STFU or else'
Top beak: UK privacy law may be reconsidered because of social media
Rise of Twitter etc creates 'enormous challenges'
Uber, Lyft and cutting corners: The true face of the Sharing Economy
Casual labour and tired ideas = not really web-tastic
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Oz biz regulator discovers shared servers in EPIC FACEPALM
'Not aware' that one IP can hold more than one Website
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.