New Microsoft Privacy Policy Expands Its User Data Mining Rights

Microsoft revised its terms of service Oct. 19 to give it more leeway to mine user data from free online services such as email, instant messaging and search.

Microsoft has introduced new terms of service for its free online services such as email, instant messaging and search that broadens its rights to mine data across different platforms.

The terms of service, made public Oct. 19, allow Microsoft to collect user data from one service, such as Windows Live Messenger, and use it to improve another service, such as a messaging in Xbox. Previously, that would not have been allowed, according to a report in The New York Times.

There was a huge outcry when Google made a similar change to its privacy policy in January, but there has been no similar response to Microsoft's move, The Times reported.

Microsoft has stated that it will not use the personal information and content it collects to sell targeted advertising, although the new terms of service document doesn't specifically prohibit that.

But Microsoft said, through a spokesperson, that it does not plan to do that and will inform the public if it ever does.

"The recent update we announced to the Microsoft Service Agreement did not alter our existing privacy policies," said the statement to eWEEK from Microsoft.

"One thing we don't do is use the content of our customers' private communications and documents to target advertising. However, we recognize we could have been clearer about this when we rolled out our updated services agreement."

While the reaction to the Microsoft change has been relatively muted so far, at least one privacy advocate has compared it to Google's.

"It allows the combination of data across services in ways a user wouldn't reasonably expect. Microsoft wants to be able to compile massive digital dossiers about users of its services and monetize them," John M. Simpson of Consumer Watchdog, a California nonprofit group, told The Times.

The Federal Trade Commission reached a $22.5 million settlement with Google in August in a case in which the FTC found that Google had circumvented the privacy protection built into Apple's Safari Web browser.

But the Electronic Privacy Information Center (EPIC) has sued the FTC over Google's privacy policies.

EPIC obtained a PriceWaterhouseCoopers audit of Google's privacy policies from the FTC through a Freedom of Information Act (FOIA) request, but complained that the document was heavily redacted. A letter from a Google attorney accompanying the document stated that the redacted information is "competitively sensitive."

EPIC said it plans to challenge the FTC's action. EPIC also complained to the FTC about Google's decision to incorporate information from a user's Google+ account into search results.

While Microsoft claims that a change to its terms of service is not the same as a change to its privacy policy, the latter includes a separate 4,000-word main policy and at least 16 related product-specific privacy policies.

The fact that Microsoft has a terms-of-service policy and multiple privacy policies only adds to public confusion over whether their privacy is protected, Jeff Chester, executive director of the Center for Digital Democracy, a consumer protection group based in Washington, told the newspaper.

"No one understands how all this data is being put together and being used," Chester said.