MICROSOFT is moving to protect consumer privacy in web search and advertising and has called on the internet industry to support it.
Microsoft said it was responding to public concern over the recent consolidation of the online ad industry as well as stepped-up interest from government regulators in its call for a comprehensive rather than piecemeal approach to privacy.
"We think it's time for an industry-wide dialogue," Peter Cullen, Microsoft's chief privacy officer, said in an interview. "The current patchwork of protections and how companies explain them is really confusing to consumers."
Specifically, Microsoft said it would make all web search query data anonymous after 18 months on its "Live Search" service, unless it receives user consent to store it longer. The policy changes are retroactive and worldwide, it said.
Microsoft planned to store customer search data separately from data tied to people, email addresses or phone numbers and take steps to ensure no unauthorised correlation of these types of data could be made. It would also permanently remove "cookie" user identification data, web address, or other identifiers.
"Microsoft is going to do a more thorough scrub of customer data once it is too old," said Peter Swire, a law professor at Ohio State University who served as US privacy czar in the 1990s. "Previously, the practice was to do a partial scrub."
As part of Microsoft's push, Ask.com, the web search business of Barry Diller's IAC/InterActiveCorp, has agreed to join Microsoft in calling on the industry to adopt a common set of privacy practices for data collection, commercial use and consumer protection in search and online advertising. Last week, it unveiled AskEraser, a service that will allow Ask customers to change their privacy preferences at any time.
Microsoft's initiatives follow recent moves by Google, the dominant provider of web searches and the company most under fire by privacy advocates concerned at how rapid advances in search technology may pose unprecedented threats to consumer privacy.
Google set in motion industry efforts to limit how long web search data is stored by being first to say it will in the future cleanse personal information from its databases after 18 months. Microsoft is one-upping Google by making its move retroactive.
Google has stepped up its own efforts to reach compromises with European Union and US policy-makers in recent months.
Microsoft said it was taking new steps to notify users how technologies affected them, giving users more specific controls over their privacy and setting tighter limits on how long it kept search data. It will also minimise the amount of data it collects via its "Live Search" and online advertisement targeting services.
"Search, itself, is a relatively new business and advertising-supported search, and the issues it raises, are also relatively new," Mr Cullen said. "You have almost a collision of these two things."
Both Google and Microsoft have faced scrutiny from US and European regulators over their plans to merge with major players in the online advertising industry.
Google is seeking approval to buy advertising services firm DoubleClick for $US3.1 billion ($3.5 billion) , a move analysts said would more than double the number of web users to whom it serves up online ads. Similarly, Microsoft plans to buy diversified ad services company aQuantive, a DoubleClick rival, for $US6 billion. A shareholder meeting to approve the deal is set for August.
The DoubleClick deal, in particular, faces congressional hearings over the potential privacy issues that could arise from the concentration of data about consumer web-surfing habits, buying behaviour and advertising data.
Forrester privacy analyst Jennifer Albornoz Mulligan said the internet industry was feeling the heat from customers who were confused by the many conflicting state and federal privacy policies across banking, retail, advertising and elsewhere.
Most consumers had given up reading the detailed privacy notices contained in footnotes on websites because everyone knew that "you can adopt privacy principles without really doing a great job of protecting privacy", Ms Mulligan said.
Mr Cullen said ,Microsoft did not believe a one-size-fits-all approach to online privacy could work. It wanted consumers who sought anonymity online to have the power to do so, while giving customers who prized convenience over anonymity the access to a new class of personalised services that depend on user data.
"People want a high degree of personalisation, but they don't want to feel like they are being surveilled," he said
Back Story of Peter Cullen
REDMOND, Wash., June 23, 2003 — Microsoft Corp. today announced that Peter Cullen, a recognized privacy leader and current corporate privacy officer for Royal Bank of Canada (RBC), is joining the company as chief privacy strategist.
Cullen, who will join Microsoft on July 14, brings more than a decade of experience in privacy and data protection work to Microsoft's Trustworthy Computing initiative. Cullen will report to Scott Charney, chief Trustworthy Computing strategist, working closely with him to help ensure that privacy protections and best practices are incorporated into all Microsoft® products, services, systems and internal processes.
"Peter Cullen has the experience to drive Microsoft's commitment to privacy protections to the next level. With his deep background in privacy and data protection practices and their relationship to customer value, Peter will be an effective advocate for strong and innovative consumer privacy safeguards," Charney said. "We look forward to having Peter apply his experiences and skills to benefit Microsoft's customers and partners through the privacy pillar of our Trustworthy Computing initiative."
Cullen is widely recognized as a pioneer in privacy and helped develop the financial industry's best practices around the collection and use of information. His work resulted in Royal Bank of Canada (RBC) establishing important competitive differentiation that remains an example to several industries.
While at RBC, Cullen established the Corporate Privacy Group and its practices, a first for a Canadian financial institution. He also implemented an integrated privacy management/compliance structure for U.S. operations, which included six affiliate companies. As a result, Cullen helped RBC become recognized as a North American leader in the area of privacy management.
Microsoft's Trustworthy Computing initiative reflects the company's belief that technology must truly be trustworthy if it is ever to realize its full potential to enhance people's lives. Microsoft's Trustworthy Computing effort is focused on four key pillars: security, privacy, reliability and business integrity.
• Security means ensuring that one's information and data are safe. • Privacy means placing people in control of their personal information as well as respecting their right to be left alone. • Reliability means ensuring that technology works every time people need it. • Business integrity means being clear, open, fair, respectful and responsive to customers and the public.
Cullen said he decided to join Microsoft because of its commitment to driving privacy protections and programs within the company and throughout its industry.
"I look forward to joining Microsoft to help the company deliver on its vision of trustworthy computing," Cullen said. "Microsoft has placed a priority on privacy, and I look forward to applying my experience in developing innovative privacy practices and programs to deliver high-quality technologies and services to our customers and partners."
Cullen holds an MBA from Richard Ivey School of Business at the University of Western Ontario. He is a founding member of two networks of chief privacy officers and is an active public speaker.