Putting Privacy First in 2013

Posted by Brad Smith
General Counsel & Executive Vice President, Legal & Corporate Affairs, Microsoft

As 2012 draws to a close, we’re starting to see a number of “year-in-review” pieces recapping key developments in the tech industry over the past 12 months. One item that I think deserves to be near the top of these year-end lists is an issue to which we and others have been paying especially close attention.

Online privacy.

We continue to strive to put privacy first for our customers, while recognizing that providing consumers with more choice and control of their privacy requires strong collaboration with a number of stakeholders. We often have a unique perspective in these discussions: We have billions of paying customers, as well as a thriving advertising business.

We’re looking ahead to 2013 to continue our efforts to put our customers front and center with respect to privacy, while also working with the World Wide Web Consortium (W3C), consumer groups, the advertising industry, and government officials to seek a clear path forward. But first, let’s look at some of the progress made this year, and what future success could look like.

Earlier this fall, I had the opportunity to participate in the 34th International Conference of Data Protection and Privacy Commissioners in Uruguay. The timing of this opportunity to address a gathering of privacy officials from around the world was fortuitous: It came just a few months after we announced we would release Internet Explorer 10 with the Do Not Track (DNT) signal enabled.

The DNT technology, together with Tracking Protection Lists, follow our commitment to innovate around privacy to give consumers more control of their personal information online, something our customers overwhelmingly say they want. A recent Microsoft survey bears this out: Fully 75 percent of consumers we surveyed in the U.S. and Europe said they wanted DNT “on.” Similarly, a recent Pew Research study found that 56 percent of consumers decided not to complete an online transaction because of the data they were expected to share.

Even so, it will take our collective efforts to give consumers the control they’re asking for. As we acknowledged at the time, enabling the signal is only part of the solution. The second is how we and others respond to the request when they encounter it. That’s why I called out four areas in my speech that we believe need to be addressed if meaningful tracking protection is to be implemented effectively: 

· We need a final and effective DNT standard that is adopted by the W3C.

· Privacy will benefit if we all recognize that browser vendors should have the ability to turn the DNT signal on or off when they release a product or service.

· Browser vendors should clearly communicate to consumers whether the DNT signal is turned on or off and make it easy for them to change the setting.

· There needs to be an easy and effective way for responsible advertisers and ad networks to inform consumers and obtain persistent consent for their services when the DNT signal is turned on. 

Since our announcement, we’ve heard from a variety of voices about our decision. We’re listening. While we remain steadfast in our decision to enable the DNT signal in IE 10, we also recognize that turning the signal on is only the first step. To achieve the full value and benefit of DNT, the industry needs to fully implement a response to the signal.

As Microsoft continues work on its own implementation, we are committed to working with others to develop a consistent, agreed upon response so that DNT works for consumers, while giving them the choice and flexibility they say they want.

One possible implementation may be an effort already underway by the W3C to establish standards for what I’ll call a “permissions API,” a mechanism to give consumers more fine-grained control over their privacy and allow them to give specific permission to individual websites, businesses and organizations to collect information, even when DNT is on. This is a strong option, but only if the outcome respects the initial intent behind enabling the DNT signal in the first place.

We’re encouraged that the W3C is taking the next step in the process to define a response to the DNT signal.  We believe gaining explicit permission from consumers to collect their information through enabling some form of a permissions API is the right path forward for online behavioral advertising. In addition, we are looking forward to working with the new incoming co-chair of the W3C’s tracking protection working group, Peter Swire, an internationally recognized expert in privacy law, and all participants in the W3C, to develop and implement the right response.

I’d also like to say that – in many important respects – the fact that DNT has been hotly debated during the past several months is actually a good thing. This type of debate sheds light on a complicated issue and gives everyone involved the opportunity to come up with the best possible solution, one that will facilitate individual choice and allow for the continued creation of great content on the Web.

Looking ahead, I’m hopeful that 2013 will be the year in which a self-regulatory approach to online privacy succeeds. Otherwise, the alternative is a patchwork of regulations imposed by governments around the globe and less protection than consumers deserve and privacy advocates desire.

Going forward, Microsoft is committed both to continuing to innovate around privacy and collaborating across the industry to give consumers the choice and control they clearly say they want. Done right, online privacy and the economic model that supports the free Web can take a big step forward.

Comments (10)

  1. Mike Galos says:

    Bravo. Thank you for recognizing that users' privacy is more important than the ability for advertisers to buy and sell users' information in secret.

  2. wesleyb says:

    Isn't a "Permissions API" essentially P3P?

  3. Bob Gellman says:

    Microsoft deserves a lot of credit for taking its stance on DNT and for sticking to it.  Companies all over the Internet use default settings in ways that promote their own interests and that ignore or harm consumer interests. However, when Microsoft said that it would use a default to help consumers and give them what they want, many of the same companies screamed foul.  Too many Internet companies are only interested in promoting unfair one-sided privacy policies and meaningless privacy self-regulation.  I hope that other companies will step forward and support the Microsoft DNT decision.

  4. Craig Spiezle says:

    We support DNT and the importance of the industry adopting meaningful self regulatory efforts. Collectively we need to look at the long-term impact to data collection and consumer choice and control.  DNT and other privacy enhancing measures will have positive long-term impact to business and innovation. Thank you for your continued support.  

  5. Shawn Michaels says:

    Well, this is a very helpful post. Thanks for the information you provided. It would be great if got more post like this. Nice and wonderful pictures and comments as well. Thanks for sharing with all. BY – <a href="http://www.web2fit.com/"&gt; Web Solutions Services </a>

  6. Chris says:

    As a consumer, I appreciate Microsoft's stance on do-not-track to give users some control over their personal data. Technology and data collection are numerous steps ahead of ordinary individuals. Consumers need this and other safeguards from abuses. Microsoft knows that it can innovate and make a profit while limiting intrusion in people's lives. DNT is a good first step.

  7. Susan Grant says:

    Microsoft should be applauded for its stand on Do Not Track. Many companies talk about "empowering" consumers to control their personal information, but what does that really mean? True empowerment starts with companies recognizing that consumers have the right to browse the Internet free of surveillance and that they should be asked before information about their online activities is collected. Microsoft gets that, and is trying to provide consumers with an easy way to exert real control. Other companies that say they want to give consumers meaningful choice should honor the expression of their choice that their browsers signal.  

  8. Fred Andrews says:

    I don't think Brad is championing privacy, read again.  I think Brad is limiting the scope to solutions that protect the status quo and I don't think these will deliver any meaningful privacy for users.  See his concluding comment 'the economic model that supports the free Web' which sets his direction and limits the scope of solutions he is prepared to accept.  Sorry Brad, but I refuse to accept your narrowing of the scope.  The W3C Private User Agent Community Group (PUA CG) is working to secure the web browser from covert monitoring and also expects to deliver a platform that supports advertising supported content – all by just giving users choice and security.  Dream free 2013.

  9. james says:

    Don't care what anyone says – I think Microsoft is to be applauded for their stance on this issue. I support anything that will keep scurvy advertisers at bay and protect (even if by a little bit) my privacy.

  10. shubham pal says:

    my computer internet explorer provelem

Skip to main content