Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
Tel 425 882 8080
Fax 425 936 7329
http://www.microsoft.com/
December 16, 2012
Mr. Timothy Pilgrim
Australian Privacy Commissioner
GPO Box 5218
Sydney NSW 2001
Dear Commissioner Pilgrim,
Thank you for your letter of November 13, 2012. We appreciate this feedback, and we have carefully
considered each of your questions and suggestions. Our response is set out below.
Applicable Privacy Policy
We welcome your endorsement of having product-specific privacy statements. With each product
launch, we assess whether we need to deploy such statements based on criteria that include whether
the product collects and processes data in a unique way, customer expectations, and the overall impact
of the technology on privacy. We opt for product-specific statements where we conclude that these are
necessary for our customers to understand better how we collect and use their data.
In your letter, you also observe that users of some of our products -- specifically, users of Microsoft
Photo Gallery, Microsoft Movie Maker, Microsoft Mail Desktop, Microsoft Writer and Windows Live
Manager -- could be confused by the link labeled “Privacy & Cookies” at the bottom of the
Microsoft.com website pages through which we make these products available for download. Your
point is well taken and we are working on addressing it.
The “Privacy & Cookies” link, which is part of the standard Microsoft.com footer, takes users to the
Microsoft.com Privacy Statement.1 The Microsoft.com Privacy Statement governs Microsoft’s use of
data that we collect when customers visit our websites. We believe that it is important that visitors to
our website can identify and easily access the privacy statement that applies to data generated by their
visit. We think it is appropriate, and necessary, to continue to make this link available in the
Microsoft.com footer.
1 The Microsoft.com Privacy Statement is available at: http://www.microsoft.com/privacystatement/enau/core/default.aspx.
We also can see that, as you suggest, customers may be confused by the link to the Microsoft.com
Privacy Statement on the product page. Currently, we point customers to the relevant privacy
statement that governs our use of data collected through the products listed above (the Microsoft
Online Privacy Statement or “MOPS” 2) via a link from a pop-up that appears on the customer’s screen
immediately after they start installing the software.3 In the next versions of the download pages for the
products listed above, we will seek ways to make this statement even more prominent, [possibly by
adding a link to the MOPS near the “Download now” button]. This should help reiterate to customers
that their use of the products listed above is governed by the MOPS, and not by the Microsoft.com
Privacy Statement.
Data Retention
You also suggest that Microsoft take certain steps to clarify our practices regarding the retention and
deletion of customer data. In response to your suggestions, we have reviewed our practices and the
information we provide to customers, and we identified some inconsistencies and opportunities for
improvement. We intend to roll out those improvements, as described below, by the end of January
2013.
Inactive accounts
In your letter, you asked about the retention period for inactive accounts. To describe our practices, it is
important to distinguish between an email account and a “Microsoft account.” An email account is just
what it sounds like – an account for one of our consumer email services – Hotmail or Outlook.com. A
Microsoft account can be used to sign into many of our online services including an email account, but
also other services like Messenger or Xbox Live.
For inactive email accounts, the retention timeframe is currently 270 days, as referenced in the MSA. To
be clear, if someone doesn’t log into their email account for 270 days, after that point their email will be
deleted. At any point in that 270 day period, the individual may log into their Hotmail or Outlook.com
account and have full access and the account is no longer considered inactive.
But the Microsoft account associated with that email account remains, even after 270 days when the
email account is deleted. If a user abandons a Microsoft account (and doesn’t use it for other services
such as Messenger or Xbox Live), then the Microsoft account will be deleted after 365 days of inactivity.
We believe the difference between the two different data retention timeframes – 270 days for inactive
email accounts vs. 365 days for inactive Microsoft accounts – can be simplified. So in order to be able to
provide clear, simple and understandable information to users, we’ve decided to move to a 365-day
retention period, for both types of inactive accounts.
2 The MOPS is available at: http://privacy.microsoft.com/en-au/fullnotice.mspx.
3 For ease of reference, we have provided a screenshot of the relevant screen in the attached Appendix.
Some customers have expressed to us that they expect their email accounts to be waiting for them even
if they haven’t used them in several years, while others have told us they sign in only once a year. But
we believe that in the vast majority of cases, accounts that have been inactive for a full year have been
abandoned, and so we believe 365 days strikes an appropriate balance for inactive accounts.
Consistent with your feedback we also intend to update the information we provide to customers to
clearly inform them that accounts that remain inactive for 365 days will be deleted.
Termination of an account
You also suggest that we provide users with similar information in the event a user affirmatively chooses
to close or delete an account. In the course of reviewing our policies and practices, we discovered that
data was being retained in this scenario longer than we intended. In particular, when a user deleted his
or her account, that account was flagged as inactive, and aged out according to the timeframes for
inactive accounts described above. As a result, the user’s messages were retained for 270 days until the
email account was deleted.
We want to emphasize that although the data was retained longer than intended, there is no indication
that the data was used, improperly accessed or disclosed. We are aware of no consumer complaints as
a result of this discrepancy.
Going forward, as with the inactive account scenario, we are committed to establishing a consistent and
clear policy that we can communicate to users. And here too, an appropriate balance must be struck in
determining the proper retention timeframe.
A user who chooses to close an account, unlike one who simply lets it become inactive, most likely
expects the account and associated email messages to be deleted in relatively short order. However,
we also have to consider that some users close accounts by mistake. Or they may change their minds
soon after they close the account. Additionally, we must design for the possibility of account
compromise and abuse, e.g., having the account taken over by a malicious party who then deletes data
and/or closes the account. Balancing all these factors, we have determined that we will retain a copy of
the data for 60 days, and we are in the process of implementing this policy. Under this approach,
although the account will appear closed to the user, it would be possible for customer support agents to
recover the account and associated email for up to 60 days.
At the next opportunity to update the information we provide to users, we will, consistent with your
suggestion, clearly inform them of this retention policy.
Privacy Feedback Form
In relation to the Privacy Feedback Form, you recommend that we do a better job of ensuring that
customers can use the Form to ask that their personal information be deleted.
We offer the Privacy Feedback Form as a way for our customers to communicate directly with us about
our privacy practices across our diverse range of products (we list over 80 products in the Form’s drop
down menu). We have tended to describe the Privacy Feedback Form in general terms in order to avoid
limiting or pre-empting how customers use it. In light of the Form’s broad purpose, we do not want to
overemphasize use of the Form for just one function, i.e. deletion. That said, having reviewed both the
MOPS and the Bing Privacy Statement (the “BPS”4), the two statements that govern the Microsoft
services covered by the Microsoft Services Agreement, we believe that we can make a simple change to
the MOPS that will make clearer our practices regarding requests for deletion via the Form.
Specifically, in the BPS, we commit that where customers choose to request deletion through the
Privacy Feedback Form, “We will respond to requests to . . . delete your personal information within 30
days.” When we next update the MOPS, we will include a similar commitment. This change should
provide our customers with greater clarity about our practices in relation to deletion requests.
Biometric Information
Thank you for your guidance as to the collection and processing of biometric data under Australian law.
In reviewing your comments and our initial response, we realize that we should have explained a
fundamental point more clearly in our previous letter: while Microsoft Photo Gallery does use facial
recognition technology, this technology only operates on the photo tagging information stored on the
customer’s end device. Microsoft does not collect, and cannot access or receive, this photo tagging
information, which remains on the customer’s end device at all times. Because we do not collect or
process biometric data via Microsoft Photo Gallery, we are silent on biometric data in the MOPS.
4 The BPS is available at: http://www.microsoft.com/privacystatement/en-gb/bing/default.aspx.
* * *
Thank you for corresponding with us about Microsoft’s privacy practices. We are always looking for
ways to improve transparency and strengthen privacy protections for our customers, and we appreciate
your guidance in this regard. We are happy to have a call with you if you have any further questions.
Yours sincerely,
Brendon Lynch
Chief Privacy Officer
Appendix: Screenshot of Pre-Installation Link to the Microsoft Online Privacy Statement for
Microsoft Photo Gallery, Microsoft Movie Maker, Microsoft Mail Desktop, Microsoft Writer
and Windows Live Manager
The screen below pops up immediately after the customer starts to install any of the above
products. The relevant link to the MOPS is the hyperlink at the bottom of the screen below - we have identified it here with a red rectangular border. Note that there is also an adjacent link
to the MSA.