Putting Privacy First in 2013

As 2012 draws to a close, we’re starting to see a number of “year-in-review” pieces recapping key developments in the tech industry over the past 12 months. One item that I think deserves to be near the top of these year-end lists is an issue to which we and others have been paying especially close attention.

Online privacy.

We continue to strive to put privacy first for our customers, while recognizing that providing consumers with more choice and control of their privacy requires strong collaboration with a number of stakeholders. We often have a unique perspective in these discussions: We have billions of paying customers, as well as a thriving advertising business.

We’re looking ahead to 2013 to continue our efforts to put our customers front and center with respect to privacy, while also working with the World Wide Web Consortium (W3C), consumer groups, the advertising industry, and government officials to seek a clear path forward. But first, let’s look at some of the progress made this year, and what future success could look like.

Earlier this fall, I had the opportunity to participate in the 34th International Conference of Data Protection and Privacy Commissioners in Uruguay. The timing of this opportunity to address a gathering of privacy officials from around the world was fortuitous: It came just a few months after we announced we would release Internet Explorer 10 with the Do Not Track (DNT) signal enabled.

The DNT technology, together with Tracking Protection Lists, follow our commitment to innovate around privacy to give consumers more control of their personal information online, something our customers overwhelmingly say they want. A recent Microsoft survey bears this out: Fully 75 percent of consumers we surveyed in the U.S. and Europe said they wanted DNT “on.” Similarly, a recent Pew Research study found that 56 percent of consumers decided not to complete an online transaction because of the data they were expected to share.

Even so, it will take our collective efforts to give consumers the control they’re asking for. As we acknowledged at the time, enabling the signal is only part of the solution. The second is how we and others respond to the request when they encounter it. That’s why I called out four areas in my speech that we believe need to be addressed if meaningful tracking protection is to be implemented effectively: 

· We need a final and effective DNT standard that is adopted by the W3C.

· Privacy will benefit if we all recognize that browser vendors should have the ability to turn the DNT signal on or off when they release a product or service.

· Browser vendors should clearly communicate to consumers whether the DNT signal is turned on or off and make it easy for them to change the setting.

· There needs to be an easy and effective way for responsible advertisers and ad networks to inform consumers and obtain persistent consent for their services when the DNT signal is turned on. 

Since our announcement, we’ve heard from a variety of voices about our decision. We’re listening. While we remain steadfast in our decision to enable the DNT signal in IE 10, we also recognize that turning the signal on is only the first step. To achieve the full value and benefit of DNT, the industry needs to fully implement a response to the signal.

As Microsoft continues work on its own implementation, we are committed to working with others to develop a consistent, agreed upon response so that DNT works for consumers, while giving them the choice and flexibility they say they want.

One possible implementation may be an effort already underway by the W3C to establish standards for what I’ll call a “permissions API,” a mechanism to give consumers more fine-grained control over their privacy and allow them to give specific permission to individual websites, businesses and organizations to collect information, even when DNT is on. This is a strong option, but only if the outcome respects the initial intent behind enabling the DNT signal in the first place.

We’re encouraged that the W3C is taking the next step in the process to define a response to the DNT signal.  We believe gaining explicit permission from consumers to collect their information through enabling some form of a permissions API is the right path forward for online behavioral advertising. In addition, we are looking forward to working with the new incoming co-chair of the W3C’s tracking protection working group, Peter Swire, an internationally recognized expert in privacy law, and all participants in the W3C, to develop and implement the right response.

I’d also like to say that – in many important respects – the fact that DNT has been hotly debated during the past several months is actually a good thing. This type of debate sheds light on a complicated issue and gives everyone involved the opportunity to come up with the best possible solution, one that will facilitate individual choice and allow for the continued creation of great content on the Web.

Looking ahead, I’m hopeful that 2013 will be the year in which a self-regulatory approach to online privacy succeeds. Otherwise, the alternative is a patchwork of regulations imposed by governments around the globe and less protection than consumers deserve and privacy advocates desire.

Going forward, Microsoft is committed both to continuing to innovate around privacy and collaborating across the industry to give consumers the choice and control they clearly say they want. Done right, online privacy and the economic model that supports the free Web can take a big step forward.

About the Author

General Counsel & Executive Vice President, Legal and Corporate Affairs, Microsoft

Brad Smith is Microsoft's General Counsel and Executive Vice President of Legal and Corporate Affairs. He leads the company's Department of Legal and Corporate Affairs (LCA), which has approximately 1,100 employees located in 55 countries. Mr. Smith is responsible for the company's legal work, its intellectual property portfolio and patent licensing business as well as its government affairs and philanthropic work. He also serves as Microsoft's corporate secretary and its chief compliance officer. Mr. Smith currently co-chairs the board of directors of Kids in Need of Defense (KIND) and is the chair-elect of the Leadership Council on Legal Diversity. In Washington state, Mr. Smith has served as chair of the Washington Roundtable, a leading Washington state-based business organization, and he has advanced several statewide education initiatives.