Microsoft Releases Guidelines for Customer Privacy

Microsoft publicly released a 49-page internal document, called Microsoft's Privacy Guidelines for Developing Software Products and Services, outlining recommendations for both Microsoft and other software developers to help them protect customer privacy when building applications that handle sensitive information, such as Web sites or Web-based features that send personal information over the Internet. Here is an excerpt from the introduction:

Protecting customer privacy is critically important. In many areas of the world, privacy is considered a fundamental human right. Additionally, protecting customer privacy can increase loyalty and be a market differentiator.

Customers are getting increasingly frustrated with software and Web sites that do not clearly communicate the behaviors that impact customer privacy and the controls available to them. Currently, there are no industry-wide practices to help standardize the user experience and the software development process. For some, ignoring this growing frustration has led to an erosion of trust, negative press, and even litigation.

The software industry as a whole would benefit from establishing a higher bar for respecting customer privacy. Giving customers more information about how their privacy may be impacted (i.e. transparency) coupled with improved controls can empower customers and raise their level of trust. At the same time, it is important not to annoy customers with a barrage of notices that ultimately may be ignored.

The purpose of this document is to propose a baseline for establishing this higher bar. It offers guidance for creating notice and consent experiences, providing sufficient data security, maintaining data integrity, offering customer access, and supplying controls when developing software products and Web sites. These guidelines are based on the core concepts of the Organisation for Economic Co-operation and Development (OECD) Fair Information Practices and privacy laws such as the EU Data Protection Directive, the U.S. Children's Online Privacy Protection Act of 1998 (COPPA), and the U.S. Computer Fraud and Abuse Act (as amended 1994 and 1996). In the interest of developing a common set of industry best practices for privacy, we invite the community and other interested parties to participate in an open dialogue.

This document is only a starting point; there are other important topics that are not yet addressed such as adware and location-based services. With the help of industry and subject matter experts, improvements and additional topics can be incorporated over time.

We've been calling on Google to take a leadership role within the web industry on user privacy. Seems Microsoft beat them to it. I'll have time for a closer reading of this later, and will post my thoughts then.
