Feeds

EU launches formal Microsoft privacy policy probe

Wants proof that Redmond's terms are better than Google's

Boost IT visibility and business value

The European Union has opened a formal investigation into whether recent changes to Microsoft's Services Agreement are in violation of EU data privacy law.

Privacy regulators informed the software giant of the probe in a letter sent to Microsoft CEO Steve Ballmer and the head of the company's Luxembourg division, dated December 17, Bloomberg reports.

"Given the wide range of services you offer, and popularity of these services, changes in your Services Agreement and the linked Privacy Policy may affect many individuals in most or all of the EU member states," Jacob Kohnstamm, head of the privacy watchdog Article 29 Working Party, wrote in the brief letter.

The tweaks to Microsoft's terms of service took effect on October 19 and were met with surprisingly little furor at the time, considering that they were substantially similar to the earlier policy changes that swiftly landed Google in hot water with regulators on both sides of the Atlantic.

The revised Microsoft Services Agreement here seems to take a fairly broad view of what Redmond can do with the data stored on its servers:

When you upload your content to the services, you agree that it may be used, modified, adapted, saved, reproduced, distributed, and displayed to the extent necessary to protect you and to provide, protect and improve Microsoft products and services.

The older wording said Microsoft could make use of the data "solely to the extent necessary to provide the service." It's a subtle distinction, perhaps – and in fact, one that Microsoft claims doesn't exist at all.

"We're happy to answer any questions officials may have about recent changes to the Microsoft Services Agreement, which we've said previously do not alter our privacy policies," a Redmond rep told The Reg in an emailed statement.

Those comments echo what the company has been saying since October, when spokesman Jack Evans also said the "update" to the Services Agreement "did not alter" existing policies.

"Over the years, we have consistently informed users that we may use their content to improve the services they receive," Evans told The New York Times, citing spam filters and automated email categorization as two examples of features for which Microsoft analyzes content.

"One thing we don't do is use the content of our customers' private communications and documents to create targeted advertising," Evans said. "If that ever changes, we'll be the first to let our customers know."

But those reassurances don't seem to have convinced EU regulators, who have been examining the situation since shortly after the new terms took effect, seemingly with growing concern.

In October, Gerard Lommel, president of Luxembourg's data protection commission told Bloomberg, "This investigation is not at the same level as the probe concerning Google was a few months ago when it changed its privacy policy, where clear privacy issues had been identified."

Regulators led by Luxembourg and France now seem to have altered their stance somewhat, having informed Microsoft that they have "decided to check the possible consequences for the protection of the personal data of these individuals in a coordinated procedure."

No time frame for the probe has been given.

Of course, such an investigation does not in and of itself imply that the EU will take any further action. But EU regulators have been harshly critical of Google's similarly broad data sharing policy, and in October they issued a letter signed by representatives of 27 countries, demanding that the search giant clarify its terms and provide more opt-out options.

No fines have yet been discussed in that case, however, and regulators have not accused the Chocolate Factory of breaking the law. Google is reportedly mulling its next steps. ®

The Essential Guide to IT Transformation

More from The Register

next story
Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
'Greenhouse effect is real, but as for the rest of it ...'
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
Adam Afriyie MP: Smart meters are NOT so smart
Mega-costly gas 'n' 'leccy totting-up tech not worth it - Tory MP
Yes, Australia's government SHOULD store comms metadata
Not because it's a good idea but because it already operates the infrastructure and processes to do it well
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.