REDMOND, Wash. — July 22, 2007 — Expanding on its ongoing work to help protect customer privacy, Microsoft Corp. today announced an enhanced set of privacy principles for Live Search and online advertising data collection, use and protection. The principles outline new, enhanced steps to help protect the privacy of Microsoft® Windows Live™ users, including making search query data anonymous after 18 months by permanently removing cookie IDs, the entire IP address and other identifiers from search terms. Microsoft will also work to give customers more control over what information it uses to personalize their online search experience. In connection with its efforts to support a common industry approach to privacy issues, Microsoft also announced that it will join the Network Advertising Initiative (NAI) later this year when it begins to offer third-party ad serving broadly.
“We have been thinking deeply about privacy related to search and online advertising and believe it is critical to evolve our privacy principles,” said Peter Cullen, chief privacy strategist at Microsoft. “We believe our enhanced principles should be part of the industry dialogue on this issue and that keeping these issues as simple as possible for consumers is the best approach. For instance, on search data, anonymous should mean anonymous.”
Building Upon and Evolving Long-Term Privacy Practices and Efforts
For several years, Microsoft has adhered to globally recognized privacy practices of notice, choice, access, security, enforcement, onward transfer and data integrity. Today, customers and people in the privacy community have an increasing interest in the privacy implications of online advertising, behavioral targeting and the personalization of online services. The company is updating its current privacy policies to take these considerations into account.
As part of its Trustworthy Computing efforts, Microsoft has maintained a strong commitment to helping protect the security and privacy of its customers. The enhanced privacy principles build upon the company’s work over the last several years to advocate for comprehensive federal privacy legislation in the United States and more consistent public policy worldwide to help protect consumers, provide customers with guidance and technology to help provide for a safer online experience, and build privacy into the company’s software development process. Last October, based on interest from customers, partners, educators, advocates and regulators, Microsoft publicly released its Privacy Guidelines for Developing Software Products and Services. The public guidelines draw from the company’s experience incorporating privacy into the development process and reflect customer expectations and global privacy laws.
“We are entering a new age of innovative, competitive solutions to online privacy issues,” said Ari Schwartz, deputy director of the Center for Democracy and Technology. “By playing an active role in developing such approaches, and embracing a call for comprehensive federal privacy legislation, Microsoft is helping to lead the way.”
Providing Further Clarity on Search Data Use and Retention Policies
Microsoft privacy principles for Live Search and online ad targeting include the following:
User Notice. Microsoft will continue to be transparent about its policies and practices so that users can make informed choices. It will regularly update the Microsoft Online Privacy Statement, accessible from every page of each major online service it operates, to maintain transparency as its services evolve or its practices change. This will include an update to its privacy statement to provide more detail about online advertising and search data collection and protection.
User Control. Microsoft will continue to implement new privacy features and practices as it continues to develop its online services and offer new controls that help users manage the types of communications they receive from Microsoft. For example, once the company begins to offer advertising services to third-party Web sites, it will offer customers the ability to opt out of the behavioral ad targeting by Microsoft’s network-advertising service on those Web sites. Microsoft also will continue to develop new user controls that will enhance privacy, such as letting people search and surf its sites without being associated with a personal and unique identifier used for behavioral ad targeting, and allowing signed-in users to control the personalization of the services they receive.
Search Data Anonymization. Microsoft will implement specific policies around search query data, be explicit with customers about how long the company retains search terms in an identifiable way, and inform people of when and how it may “anonymize” such data. Specifically, Microsoft will make all Live Search query data anonymous after 18 months, unless the company receives user consent for a longer time period. This policy will apply retroactively and worldwide, and will include permanently removing the entirety of the IP address and all other cross-session identifiers, such as cookie IDs and other machine identifiers, from the search terms. It will ensure that any personalized search services involving users choosing a longer retention period are offered in a transparent way, with prominent notice and consent.
Minimizing Privacy Impact and Data Protection. Microsoft will continue to design its systems and processes in ways that minimize the privacy impact of the data it collects, stores, processes and uses to deliver products and services. For example, Microsoft will store Live Search service search terms separately from account information that personally and directly identifies the person, such as name, e-mail address and phone numbers. Moreover, Microsoft will maintain and continually improve protection to prevent the unauthorized correlation of this data. Microsoft will ensure that any service requiring the connection of search terms to individually identifying account information is offered in a transparent way, with prominent notice and user consent.
Legal Requirements and Industry Best Practices. Microsoft will continue to follow all applicable legal requirements as well as leading industry best practices in the markets where it operates. Microsoft adheres to globally recognized privacy standards set forth in the Organisation for Economic Co-operation and Development and Online Privacy Alliance guidelines, is a member of the TRUSTe Privacy Seal Program, and abides by the Safe Harbor framework set forth by the U.S. Department of Commerce. When it begins to offer advertising services on third-party Web sites, Microsoft will follow applicable NAI Principles.
More information, including the full text of Microsoft’s enhanced privacy principles for Live Search and online ad targeting, is available at http://www.microsoft.com/privacy.
Adhering to Existing Industry Standards for Privacy and Online Advertising
As part of its ongoing commitment to work with others in the industry, Microsoft will join the NAI, a cooperative of online marketing and advertising companies that are committed to addressing important privacy and consumer protection issues in emerging media. As a member of the NAI, Microsoft will follow applicable NAI Principles, including giving customers the ability to opt out of behavioral ad targeting by Microsoft’s network-advertising service.
“This is an important step for the industry and for consumers,” said Trevor Hughes, executive director of the NAI. “We’re pleased that Microsoft has committed to joining the NAI, and we look forward to working with Microsoft and other NAI members to encourage the adoption of NAI Principles and other important privacy standards industrywide.”
Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.
Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft® Web page at http://www.microsoft.com/presspass on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.mspx.