Microsoft will roll out 'key' GDPR rights globally... not just in Europe
The clock is ticking for the arrival of GDPR (or General Data Protection Regulation) in Europe. As of May 25 -- this Friday -- new regulations will give people greater access to the data companies store about them and the right to have it deleted.
Microsoft is among the global technology firms that will have to comply with the laws in Europe and -- pointing out how it appreciates "the strong leadership by the European Union on these important issues" -- the company says that it will also roll out some of the benefits of the privacy legislation on a global basis. It will be known as Data Subject Rights.
- Spectre and Meltdown variant 4: Microsoft, Google and Intel reveal new Speculative Store Bypass chip vulnerability
- Microsoft unveils SharePoint spaces to help anyone create mixed reality experiences
- Microsoft acquires AI startup Semantic Machines to help boost Cortana
- Microsoft is said to be working on a cheap Surface tablet to compete with the iPad
Microsoft's corporate vice president and deputy general counsel, Julie Brill, says that the company believes that privacy is a fundamental human right, and also the foundation of trust. It is with this in mind, and having worked with over 1,600 engineers over the last couple of years to ensure GDPR compliance, that Microsoft "will extend the rights that are at the heart of GDPR to all of our consumer customers worldwide".
Known as Data Subject Rights, they include the right to know what data we collect about you, to correct that data, to delete it and even to take it somewhere else. Our privacy dashboard gives users the tools they need to take control of their data.
She goes on to say that Microsoft has a new privacy statement that applies to customers around the world:
This week, we have also published an updated privacy statement governing our consumer products and services. The new privacy statement reflects our decision to extend key rights under GDPR to consumers around the world. It also incorporates more specific information and changes related to GDPR. But perhaps most importantly, it is designed to be clearer and more transparent. You can read the new privacy statement here.
A breakdown of the changes that have been introduced to the Privacy Statement this month reveals what's new for customers globally:
- We made edits throughout the privacy statement intended to improve transparency and readability. For example, we:
- added new categories of personal data we collect, such as voice data, content consumption data, and browse history;
- added new uses of personal data;
- simplified text and eliminated duplicative text and qualifiers such as "we may";
- added navigation cues, like bullet points, to highlight key points and reduce reader fatigue; and
- improved consistency in the language used describe similar concepts.
- We added language required by the EU General Data Protection Regulation (GDPR). For example, we now:
- describe individuals’ rights to access their data, which applies regardless of location;
- describe the legal bases for Microsoft’s data processing, including under the GDPR’s legitimate interests provisions, and the purposes of our processing of personal data; and
- specify the choices individuals have with respect to sharing personal data with Microsoft, along with the consequences of sharing and Microsoft’s data processing.
- In the Personal Data We Collect section, we:
- added language to direct customers to the appropriate sections of the privacy statement;
- added new examples of third-party sources of personal data; and
- updated the descriptions of types of personal data we collect.
- In the How We Use Personal Data section, we:
- clarified how Microsoft uses data generally, using concepts from the data taxonomy framework in the ISO 19944 international standard;
- clarified our policies around storing unauthenticated data and authenticated data; and
- updated specific descriptions of how Microsoft uses personal data. For example, we added text to describe how we use personal data for promotional communications and legal compliance, and we provided information about where Microsoft uses automated systems to process personal data. Additionally, we moved some details about our advertising practices to a separate section under Other Important Information.
- In the How to Access & Control Your Personal Data section, we described how customers can access their personal data and made the text applicable to all customers, regardless of their location.
- In the Cookies and Similar Technologies section, we updated the description of the cookies Microsoft uses.
- In the Notice to End Users section, we clarified cases when organizations, like an employer or school, have access to an individual’s personal data.
- In the Microsoft Account section, we clarified the differences between the three types of Microsoft accounts.
- In the Other Important Privacy Information section, we:
- moved the contents of the European Privacy Rights subsection to the How to Access & Control Your Personal Data and How to Contact Us sections.
- added a section called Advertising, using text from the original How We Use Personal Data section, to describe Microsoft’s advertising practices and commitments;
- updated information on how Microsoft processes children’s personal data;
- clarified how and when Microsoft makes changes to the privacy statement;
- identified which Microsoft entities are data controllers under the GDPR, how to contact us, and how to lodge a complaint.
- In the Enterprise and Developer Products section, we:
- described how basic, aggregated account information related to Enterprise Online Services may be shared with authorized partners in certain circumstances.
- identified that Microsoft is a data processor under the GDPR when providing the Enterprise Online Services.
- In the Office and Skype sections we described new features and updated how existing features and functionality process personal data. For example, we explain how Cortana words in Skype.
- In Search and Artificial Intelligence, we described our most current features and functionality. For example, in the Cortana subsection, we described the personal data Microsoft collects from users who are signed in and signed out of the service.
- In the Windows section, we removed text about a service, Wi-Fi Connecting to suggest open hotspots, that is no longer available. Under Web Browsers, we described the type of browser data that syncs across devices.
- In the Entertainment and Related Services section, we updated how existing features and functionality process personal data and provided new information on Xbox, Xbox Live, and Mixer.