Microsoft found itself facing criticism this week over privacy issues, thanks to some poorly explained changes to its terms of service. The new terms, which took effect on Friday, say they allow the software giant to combine data about users across platforms.
Microsoft wants to be able to draw on a broad array of data to improve its services and combat malware. But the sweeping language in the new terms leaves open the possibility that the company can -- for the first time -- decide which ads to send people based on their Hotmail messages.
The company says it has no intention of targeting ads based on the contents of email (or other personal documents), but acknowledged on Monday that it "could have been clearer about this" in the new terms of service. "We will update the agreement as soon as possible to make that point absolutely clear," the company said in a statement.
But completely apart from the new terms of service, Microsoft has long aggregated data across multiple platforms -- including Xbox and Bing -- in order to target Windows Live users anonymously. (Although the company links data, it says it does so in a way that preserves anonymity.) In fact, as far back as 2005, the company said it intended to incorporate behavioral targeting into paid-search results.
Those aspects of Microsoft's ad capabilities seemed to have escaped scrutiny until this week. But the company's change in terms prompted Rep. Ed Markey (D-Mass.) to demand answers from Microsoft about how it personalizes ads.
In a letter to CEO Steve Ballmer sent Monday, Markey says he is concerned about the privacy and security implications of "aggregating information about consumers across a suite of Microsoft services, stitching together detailed, in-depth consumer profiles.”
Markey specifically wants to know what information will be collected and how it will be used. Even if Microsoft has aggregated data for a while, Markey is raising legitimate questions that deserve answers.
Microsoft also should consider taking a cue from Google and consolidating its privacy policies. Currently the company has one lengthy main privacy policy and 16 separate product-specific policies, The New York Times reports. With information spread out over that many documents, it's no wonder people are hazy about the company's practices.