Microsoft Joins Ask.com, Google in Implementing Privacy Provisions
Some weeks after the European Commission announced it would begin investigating the data retention policies of search engine providers other than Google, following its decision last month to anonymize its data retention logs after 18 months, Microsoft announced that it will adopt a similar policy.
In a statement issued this morning, however, Microsoft said it would give users of Windows Live the option of enabling the company to retain personal data for a longer period.
"Microsoft will implement specific policies around search query data, be explicit with customers about how long the company retains search terms in an identifiable way, and inform people of when and how it may 'anonymize' such data," the company stated. "Specifically, Microsoft will make all Live Search query data anonymous after 18 months, unless the company receives user consent for a longer time period. This policy will apply retroactively and worldwide, and will include permanently removing the entirety of the IP address and all other cross-session identifiers, such as cookie IDs and other machine identifiers, from the search terms. It will ensure that any personalized search services involving users choosing a longer retention period are offered in a transparent way, with prominent notice and consent."
Exactly what incentives Windows Live users would be given for enabling extended anonymization periods, the company has not said.
Furthermore, the company hasn't exactly said how it would retain the data that says a customer has consented to a longer search period. Presumably, the creation of such a list could result, if only virtually, in a table of Windows Live users who have not consented to extended anonymization, the lifetime of which would have to extend beyond 18 months for it to be functional.
Invoking its "Trustworthy Computing" moniker, the company said it will offer users a way to opt out of provisions made through advertising services to third parties. Opting out would disable functions that track user behavior on third-party Web sites. The company did not specifically say whether the list of users who have opted out would be anonymized after 18 months as well, though the initial reference to anonymization in its statement this morning referred to "search query data" - which may not apply in this instance.
As a clarification, Microsoft's chief privacy strategist, David Cullen, did offer a definition for "anonymous:" "We have been thinking deeply about privacy related to search and online advertising and believe it is critical to evolve our privacy principles. We believe our enhanced principles should be part of the industry dialogue on this issue and that keeping these issues as simple as possible for consumers is the best approach. For instance, on search data, anonymous should mean anonymous."
Search provider Ask.com made a similar anonymization announcement last Thursday. This morning, Ask.com and Microsoft are urging that search providers convene with one another in a constructive dialogue on the formation of common privacy principles. Both companies plan to report on the results of their efforts this September.
In a prepared statement this morning, Ask.com VP Doug Leeds issued this open invitation: "Anonymous user data can be very useful to enhance search products for all users, but people should have access to privacy controls based on their level of comfort around the storage of their search data. We're committed to developing new ways to give consumers the control they are entitled to when it comes to searching online, and hope others will join us in engaging in dialogue on these important issues."
Microsoft also said it is joining the Network Advertising Initiative, a group of online advertising providers which formed in 2000 to start a similar dialogue for that industry. DoubleClick is a founding member of the NAI, and will presumably continue to be so once it's fully under Google's wing.
The advocacy group Electronic Privacy Information Center has been skeptical of NAI's purposes ever since its founding. In a 2000 treatise, the organization took the NAI to task for, among other things, developing privacy principles that lacked both specificity and any form of enforcement mechanism.
For example, it spotlighted one provision stating that search engines' of privacy policies to their users must be "robust," followed by emphasis by the NAI that such robustness was mandated...without actually defining the term anywhere.
Last April, EPIC issued a complaint before the US Federal Trade Commission, urging it to investigate Google's efforts to ensure user privacy following its acquisition of DoubleClick. In that complaint, it pointed to the NAI's self-regulatory principles in an effort to demonstrate that no effort was apparently made to enforce those principles since their creation in 2000. (DoubleClick, incidentally, was an original contributor in forging those principles.)
Also avoiding the sidelines, the group Privacy International was supposed to have convened an open session of search service providers today, with regard to the subject of strengthening privacy provisions. This after several weeks of having blasted Google, at one point accusing it of conducting a public smear campaign against the organization.
It's unclear whether Google or any other search provider would have openly attended PI's conference, especially after reading this paragraph attached to the "open" invitation last month: "We reiterate our previous position that the portrayal of Google as the sole privacy offender is incorrect and misguided. Such an interpretation misses our key finding that the Internet is awash with companies that demonstrate poor privacy practice. Though Google is particularly poor in many areas of its approach to privacy, it places more favorably in others (e.g. leadership by not handing over piles of data to the U.S. Government). But Google is just one of the many. The extensive commentary on our consultation report demonstrates that perception of privacy on the Internet is polarized. The question that remains is how do we constructively and cooperatively move forward to fix the damage that is being wrought."
Like the members of Microsoft's future "opt-out" list, the search providers who opt out of PI's conference today may very well be conspicuous by their absence.