Microsoft's updated privacy policy makes it clear it's not selling ads against your words

Microsoft said Wednesday that an updated privacy and services policy will go into effect by the end of July. Here's what you need to know.

Microsoft said Wednesday that by the end of July it will implement an updated, simplified privacy and services policy that makes clear the company will not snoop on your email or Skype calls to sell you advertising.

The updated privacy policy is already available to examine on Microsoft's site, where the company breaks down what information it does collect from users, and for what purpose. Microsoft said that it had worked to simplify the agreement, while trying to call out the important details that Microsoft's users care about. The related Microsoft Services Agreement applies to all of Microsoft's services, from to Office to OneDrive.

The new policy will take effect on July 31. At that time, use of Microsoft's services will constitute opting into the agreement, Microsoft said. If you want to opt out, you'll need to stop using the services or close your account.

Microsoft made it clear that, at least for advertising purposes, it does not listen in on your private communications. "As part of our ongoing commitment to respecting your privacy, we have updated the Microsoft Services Agreement to state that we do not use what you say in email, chat, video calls, or voice mail to target advertising to you," the company said. "Nor do we use your documents, photos, or other personal files to target advertising to you."

Microsoft did not explicitly refer to Google or any other competitor, but the message was clear: While rivals like Google may sell ads against your content, Microsoft will not. In 2012, Google consolidated its privacy policy as well, sharing information to provide a more cohesive profile of its users. U.S. lawmakers and Europeans went ballistic, charging that the information was being collected without consent, and without enough provisions to opt out.

Oh, Microsoft's snooping, all right

But that doesn't mean that Microsoft isn't collecting your data at all--quite the opposite, in fact. The policy makes clear that Microsoft may ask for personal information when you sign up for a service, including your name and location.

Users also implicitly consent to Microsoft's recording their voices and other content to improve its services. "And you may provide content -- your communications and your files -- while using our sites and services," the updated privacy policy states. "Content includes the words in an email in or the photos and documents stored on OneDrive."

And if Microsoft doesn't get the information it wants, it can always buy what it needs from a third-party company, it warns.

Microsoft already uses your information to improve its services, such as its Cortana digital assistant, which typically knows your location so it can provide a list of nearby points of interest. It also uses that information to provide targeted ads--the more information an advertiser knows about you, the more interesting the ad. (A Microsoft page allows you to opt out of targeted ads.)

Calling down the banhammer

Microsoft also made clear what behavior would result in pulling a user's access rights to its services, essentially banning the person from the Microsoft ecosystem:

Microsoft also made clear that it would not examine the contents of your email, even if it suspected users of trafficking in contraband Microsoft products, as happened earlier this year. Microsoft said then that it would simply refer the matter to law enforcement.

Here's another no-no: If you fail to log in once a year to Microsoft's services, Microsoft will terminate your account and delete all or most of the data associated with it.

"You must sign in to your Microsoft account periodically, at a minimum every year, to keep services associated with your Microsoft account active, unless provided otherwise in an offer for a paid portion of the Services," Microsoft's updated services agreement states. "If you don't sign in during this period, we will close your account (which means you won't have access to the Windows Services, Office Services, Content stored in your account, and any other product or service that uses Microsoft account). If your Services are canceled, we will delete information or Content (as defined below) associated with your Microsoft account, or will otherwise disassociate it from you and your Microsoft account, unless the law requires us to keep it."

Sign in, or else

It's very possible that simply logging into your Windows PC or an app will constitute signing into your account. And frequent Windows users won't have to worry. But for soldiers on deployment, for example, it might be something to think about.

As of now, there's no apparent mechanism for opting out of Microsoft's data collection practices, short of terminating your account and discontinuing to use Microsoft's services. And there's no indication that Microsoft is necessarily expanding its data collection practices.

Nevertheless, the simplified policies will undoubtedly be scrutinized by lawmakers and privacy advocates in the wake of Google's effort. It's worth a few minutes of your time.

Join the CSO newsletter!

Error: Please check your email address.

Tags skypeMicrosoftsecurityprivacy

More about GoogleMicrosoftSkype

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Mark Hachman

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place