Today we are announcing new steps to give customers increased transparency and control over their data that is used by Microsoft’s major products.
Privacy is one of the defining issues of our time. As technology becomes more engrained in our lives and our work, people want to understand how and why their data is collected and used, and they want to be able to make appropriate choices. We have longstanding commitments to privacy and have regularly taken steps to give customers more information and more choice, including, for example, being the first large company to voluntarily extend strong privacy protections to customers around the world. Our Trusted Cloud is built on our commitments to privacy, security, transparency and compliance, and our Trust Center provides access to validated audit reports, data management capabilities and information about the number of legal demands we received for customer data from law enforcement.
At the same time, we are always looking for opportunities to do more. In recent months we’ve heard from customers – especially those in Europe – with questions about the data that is collected from their devices when they use our products and services. These are good and fair questions and, as we listened to the feedback, we came to appreciate that we could do more to meet our customers’ needs. While we publish significant information already, we’ve realized that customers want a simpler experience – information should be easier to find, easier to understand, and easier to act on through the tools we provide.
To address this feedback, today we are announcing three ways we’re increasing transparency and control for our customers:
Categorizing the data we collect as ‘required’ or ‘optional’
First, for all our major products, we’ll categorize the data we collect from devices as either required or optional.
Data in the required category will consist of data that is necessary to making our products and services work as expected by the customer, or to help ensure their security. Required data includes things like the terms of a search query so we can return relevant search results, the IP address, type and version of your device so that we can provide connectivity to our cloud services and security patches that keep your experience safe and secure, and diagnostic data so that we can detect significant feature failures.
In some cases, a customer can control whether required data is collected by deciding whether to use the product features or functions that depend on that required data. For example, if an enterprise customer uses Office 365 with document storage and collaboration in the cloud, we will collect the data required to keep an employee’s documents secure and synced across all her devices. We focus on creating controls over features and functions that make sense for our customers and are always open to feedback on what might work better for them. We are working on providing additional configuration options that will give customers more control over the collection of data that’s required for certain features or functions.
Data in the optional category will not be essential to the product or service experience, and customers will be able to control the collection of optional data independently from choosing to use specific product features or functions. We will enable customers to decide whether to allow such collection at product setup for our major products and services. We’ll also make it easier for customers to change their minds about optional data collection after the initial product setup on their devices. Examples of optional data include data we collect about the pictures people are inserting into Word documents to provide better image options and about the time it takes for a PowerPoint slide to appear on your screen so we can improve the experience if it’s slow. We think there are compelling reasons for people to share this optional data, because it creates the opportunity for new and richer experiences. But we want people to understand what’s happening and to have the opportunity to make this choice for themselves.
Increasing transparency about the data we collect from devices
Second, we will increase transparency about the data we collect by improving product documentation. Specifically, we’ll ensure that documentation for our major products and services describes the data we collect in each of these categories.
We’ll improve upon our existing documentation practices, to describe what we collect in these two categories, in ways that are easy to understand, and to explain why data in the required category is necessary. And we will consolidate and present this information to make it easier to find. All customers will be able to access this information through our privacy.microsoft.com hub, or in our enterprise Trust Center.
New biannual report describing changes to our data collection
Third, we’re introducing a new report that will be published twice a year at privacy.microsoft.com. This report will highlight any new required data collection we believe is fundamental to provide, secure, update or maintain the performance of our products. We will also note instances when we stop collecting certain types of data from devices (because product or service changes mean the data is no longer required). Last, we will explain when we make changes to our data collection in response to new privacy laws, industry standards and regulations.
We continue to hear from a range of customers about the importance of transparency, so these reports will apply both to consumer and enterprise major products. We hope these reports will help customers understand the value they receive when our products collect data so they can make informed decisions.
In the coming months we will begin rolling out these changes – to categorize our data collected off of devices as “required” or “optional,” offer choices about the collection of “optional data,” and provide increased documentation and reporting – for Windows 10 and Office 365 ProPlus, two of our flagship products and platforms, with additional changes to follow for products such as Xbox and Dynamics 365.
Responding to feedback
It’s clear customers around the world care about privacy. Indeed, we’ve experienced an unprecedented level of interest from customers in using the data management tools that we currently offer. For example, since May 2018, over 10 million people have used our Privacy Dashboard to see what data Microsoft maintains about them, to edit or delete that data, or to take that data somewhere else.
Over that same time frame, we’ve made progress to provide our customers with more transparency and control. For example, we unveiled a new Windows 10 Diagnostic Data viewer to give customers more insight into diagnostic data coming from Windows devices, launched a new Windows 10 setup experience providing clearer privacy choices on a wider range of features, brought a new setup experience to Office 365 ProPlus, introduced a data export tool that helps our enterprise customers fulfill their privacy obligations to their own customers or users, and enabled additional error reporting options in Xbox. Many of these changes are informed by the feedback we receive from customers, which we value. If there’s something you think we can do to make it easier for you to take control of your privacy, please tell us about it here.
In addition to improving transparency and control for how we collect data, we also continue to evaluate how we use data as part of our strong commitment to legal compliance and meeting or exceeding our customers’ evolving expectations. We recognize data use is an additional area where we have some customers that want more options. We will follow up on the changes we’re announcing today about our data collection by continuing to look at ways to evolve how we provide transparency and control over our data use.
We hope these steps we are announcing today will be useful to customers, responsive to the questions and feedback we’ve received, and reflective of our commitment to continually build on and improve the materials and tools we provide to our customers to inform them of our privacy practices and give them control over the collection and use of their personal data. We’re committed to staying focused on this issue and making changes and improvements as needed to serve our customers.