Since GDPR came into effect in May 2018, citizens living in the European Union have inundated Microsoft with requests to know exactly what data is being collected by its major products and services. In order to respond to this ongoing onslaught of requests, Microsoft has decided to simplify and overhaul some of its data practices. Microsoft explains:
“As we listened to the feedback, we came to appreciate that we could do more to meet our customers’ needs. While we publish significant information already, we’ve realized that customers want a simpler experience – information should be easier to find, easier to understand, and easier to act on through the tools we provide.”
In order to allow consumers to understand what data is being collected and for what purposes, Microsoft has announced three new ways in which it is going to increase transparency and give consumers further control over what data is collected.
New data Categories
When people use Microsoft services and products, some data is collection is necessary in order for the firm to carry out the functions and purposes for which the consumer is using those products. This includes data such as the consumer's IP address - which is needed in order to pass data back to the consumer via the internet.
Microsoft provides other examples of necessary data:
- The terms of a search query so that they can return relevant search results.
- The type and version of the consumer’s device so that they can provide connectivity to their cloud services and security patches that keep consumers safe and secure.
- Diagnostic data so that the firm can detect important feature malfunctions.
In order to distinguish between data that is necessary for it to provide services and functions and other non-essential data, Microsoft has decided to split all data that is processed into two distinct categories: “optional” and “required”.
Optional category data
By adding clear labels about what data is optional, Microsoft will give consumers the chance to opt out of any data that is provided that is nonessential to using its services and products. This is designed to allow consumers to minimized the data collected on them.
Microsoft explains that the ability to opt out of this optional category data will be independent of the ability to opt out of specific functions and services. In addition, Microsoft promises that consumers will be given a chance to change those setting as they go along:
“We’ll also make it easier for customers to change their minds about optional data collection after the initial product setup on their devices.”
In its blog post, Microsoft reminds consumers that some “optional” data is collected to legitimately improve user experience. Despite this, consumers are going to be given the opportunity to opt out:
“We think there are compelling reasons for people to share this optional data, because it creates the opportunity for new and richer experiences. But we want people to understand what’s happening and to have the opportunity to make this choice for themselves.”
Opt out of features and their required data
To give consumers even more control over their data, Microsoft will allow users to opt out of providing certain data sets that are considered “required.” The caveat being, that doing so will mean opting out of using particular features and services.
“We are working on providing additional configuration options that will give customers more control over the collection of data that’s required for certain features or functions.”
In a bid to improve transparency across its platforms, Microsoft will also set about improving its documentation. This will improve consumers’ ability to access information about how and why both “required” and “optional” data is collected.
The documentation will also include specific details about what data falls into each of the two new categories. Consumers will be able to access that newly improved documentation on its website and in its enterprise Trust Center.
An official new report
Finally, Microsoft has promised to publish an official data report twice a year. That report will explain what new required data is being collected and why; including listing data it is collecting or that it has stopped collecting in order to comply with new data privacy laws.
“This report will highlight any new required data collection we believe is fundamental to provide, secure, update or maintain the performance of our products.”