On the Issues Home > 2008

A Winning Formula

With a few guidelines, online advertising will work best for advertisers and consumers.

Published: April 23, 2008
Resources

Microsoft's Approach to Online Privacy
Read the news release about the company’s proposal.

Self-regulatory Principles (.pdf file, 800 kb)
Read Microsoft’s proposal to the FTC.

Trustworthy Computing: Privacy
Learn about Microsoft’s broad efforts to help protect privacy online.

Every day, millions of consumers benefit from a vast and growing array of free online services that are supported by online advertising. To help sustain these free services, companies are constantly working to make online advertising more relevant to consumers.

One way to make ads more relevant is by collecting data about site visitors — the search terms they enter, for example, and what sites they’re viewing. That way, someone searching for information about new cars can be served advertising about — you guessed it — new cars. Simple as that.

Except that the retention and use of such data raises fears that personal information or data about online behavior may be misused, or may fall into the wrong hands.

To help safeguard consumers — and encourage development of even more online services — Microsoft recently proposed a new structure for self-regulation of online advertising. We submitted a plan to the Federal Trade Commission (FTC) for a five-tiered system of privacy protection.

Our approach, based on privacy principles that we use for our own online services, is rooted in the simple notion that the greater the potential risk to privacy, the greater the need for privacy protection.

Collecting data about site visitors. Organizations that deliver ads or ad-related services on their own sites, and keep records of page views or collect other information about consumers for that purpose, should post a privacy policy on the home page, implement reasonable security procedures and retain data only as long as necessary to fulfill a legitimate business need, or as required by law.

Delivering ads on unrelated sites. Organizations that deliver online ads or services on unrelated third-party sites, and that collect data about the sites’ visitors, should ensure that the visitors receive notice of their privacy practices on those sites.

Behavioral advertising. Organizations that profile visitors’ activity on unrelated third-party sites should offer consumers an option to just say “no” to targeted ads.

Use of personally identifiable information. These organizations also should take steps, as Microsoft does, to ensure they are not using personally identifiable information — such as a name, e-mail address, physical address or phone number — to target ads. Or at a minimum, consumers should be given a clear choice in the matter.

Use of sensitive personal data. These organizations also should obtain affirmative consent from consumers before targeting behavioral advertising based on sensitive, personally identifiable information, such as health or medical conditions.

Microsoft will continue working with the FTC and others on meaningful online privacy protections. We believe consumers should be in the driver’s seat, in control of their information and free to enjoy a wide range of ad-supported online services with confidence.


Top of pageTop of page