Microsoft has announced a review of its Windows Privacy Statement to offer opt-out on adverts and sharing of personal information.
According to an announcement made to users, when you sign in to a site or service using your Microsoft account, it collects certain information in order to verify your identity on behalf of the site or service to protect you from malicious account usage and to protect the efficiency and security of the Microsoft account service.
“We also send some of this information to sites and services that you sign in to with your Microsoft account,” it said. “We use demographic information – gender, country, age and postal code but not your name or contact information – from your Microsoft account to provide personalized ads to you.”
It said that it collects “many kinds of information in order to operate effectively and provide you the best products, services and experiences we can” and collects information when you register, sign in and use its sites and services, as well as collecting information from other companies.
In terms of why personal information is shared, Microsoft said that is done with user consent, and that it may “disclose information and content to Microsoft affiliates and vendors” when this is: required by law or to respond to valid legal process; to protect our customers; to protect lives; and to maintain the security of our services.
It said: “We may also disclose information and content to protect the rights or property of Microsoft – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.”
In March, Microsoft admitted to having taken “extraordinary actions based on the specific circumstances” to access a user’s email account. John Frank, deputy general counsel and vice president of legal & corporate affairs at Microsoft, said that while it believes that Outlook and Hotmail email are and should be private, information it received indicated an employee was providing stolen intellectual property to a third party. That information was believed to be lines of code from the not-yet-released Windows 8 operating system. As part of the investigation, Microsoft looked into the blogger’s accounts to find out the name of the employee.
Sarb Sembhi, ISACA London Security Group member, told IT Security Guru that he understood why Microsoft needed to collect, but he questioned what options users had when they do not want data collected.
He said: “These details are as useful as they can be in the way they tell you about sharing data. The key area we are missing is why Windows want to have your data; it explains on cookies and beacons and other ways to opt out, but for someone who is uneducated, they will have no clue.”
According to the EMC Global Internet Privacy Index of 15,000 consumers, 59 per cent of UK respondents feel that they have less privacy now, compared to a year ago while 84 per cent expect privacy to erode over the next five years.