From the moment an account is created, Microsoft begins watching. The company saves customers’ basic information—name, contact details, passwords, demographic data and credit card specifics —but it also digs a bit deeper.
Other information Microsoft saves includes Bing search queries and conversations with the new digital personal assistant Cortana; contents of private communications such as email; websites and apps visited (including features accessed and length of time used); and contents of private folders. Furthermore, “your typed and handwritten words are collected,” the Privacy Statement says, which many online observers liken to a keylogger. Microsoft says they collect the information “to provide you a personalized user dictionary, help you type and write on your device with better character recognition, and provide you with text suggestions as you type or write.”
All this information doesn’t necessarily remain with just Microsoft. The company says it uses the data collected for three purposes: to provide and improve its services; to send customers personalized promotions; and to display targeted advertising, which sometimes requires the information be shared with third parties. Microsoft mentions that though it assigns each customer a unique advertising ID, which is fed data during computer usage, it “does not use what you say in email, chat, video calls or voice mail, or your documents, photos or other personal files to target ads to you.” It makes no such promise for its other stated data collection purposes.
Though possibly surprising to some, the company’s data collection practices fit within the industry’s new normal. Google’s Privacy Terms, for instance, show that the tech giant is also analyzing the content of users’ emails to provide a better, more personalized product, it claims. And as The Guardian points out, “Both Siri and Google Now require access to the user’s personal information to personalise responses, while both Apple and Google offer developers the ability to deliver personalised ads to users based on information such as app installs.”
Also like its competitors, Microsoft says it will disclose content of private communications or files in saved documents to “respond to valid legal process.” In the company’s latest bi-annual transparency report released in late March, it says that of the 31,002 government requests for information received between June and December 2014, it disclosed content of personal communications in 3.36 percent of cases and non-content data in 73.17 percent.
While users are given the choice to opt out of Microsoft’s various data collections, critics claim this isn’t enough. “[T]he Windows 10 upgrade experience…strips users of their choice by effectively overriding existing user preferences,” claims Chris Beard, CEO of the Mozilla Corporation, a Microsoft competitor. “It now takes more than twice the number of mouse clicks, scrolling through content and some technical sophistication for people to reassert the choices they had previously made in earlier versions of Windows.”
Microsoft didn’t respond to requests for comment about specifics of the privacy terms, but in a blog post introducing them, Microsoft’s deputy general counsel, Horacio Gutierrez, calls the Privacy Statement a “straightforward resource for understanding Microsoft’s commitments for protecting individual privacy.” Alex Meer of the gaming website Rock Paper Shotgun countered, “There is no world in which 45 pages of policy documents and opt-out settings split across 13 different Settings screens and an external website constitutes ‘real transparency’.”
Microsoft may not share customers’ every digital move with a third party, but some worry hackers could steal the wealth of very personal information for their own purposes. Microsoft’s response to such concerns: “Microsoft is committed to protecting the security of your personal data…we store the personal data you provide on computer systems that have limited access and are in controlled facilities. When we transmit highly confidential data (such as a credit card number or password) over the Internet, we protect it through the use of encryption.”