Of all the body blows Microsoft has absorbed in the past 18 months over Windows 10, the criticisms of its privacy policies have to sting the most.
Last summer, the French National Data Protection Commission (CNIL) issued a formal notice against Microsoft, ordering that the company "stop collecting excessive data and tracking browsing by users without their consent."
The CNIL found Microsoft's collection of diagnostic information (so-called telemetry) acceptable but said that the default settings for Windows 10 go too far. The complaint singled out Microsoft's practice of collecting information about app usage as "excessive."
A month later, the Electronic Freedom Foundation took aim at Windows 10 with a signed editorial criticizing the company for "disregarding user choice" and sending "an unprecedented amount of usage data back to Microsoft...." As I noted at the time, EFF was especially critical of Microsoft's telemetry collection policies.
After months of explaining and defending its policies, publicly and in meetings with regulators, the company today announced that it's making a series of privacy-related moves. Terry Myerson, who runs the Windows and Devices Group, made the announcement in a blog post:
"Many of you have asked for more control over your data, a greater understanding of how data is collected, and the benefits this brings for a more personalized experience. Based on your feedback, we are launching two new experiences to help ensure you are in control of your privacy.
"First, today we're launching a new web-based privacy dashboard so you can see and control your activity data from Microsoft including location, search, browsing and Cortana Notebook data across multiple Microsoft services. Second, we're introducing in Windows 10 a new privacy set up experience, simplifying Diagnostic data levels and further reducing the data collected at the Basic level."
The changes to Windows 10 will roll out initially in an upcoming Windows Insider preview build, perhaps as soon as this week, and will reach the general public with the release of the Windows 10 Creators Update this spring.
I haven't seen these features in operation yet. The descriptions in the remainder of this post are based on what Microsoft says it plans to deliver. The broad outlines shouldn't change, but you can expect the user experience to evolve before the final release, based on feedback from Windows Insider Program participants and third parties.
Unlike its predecessors, the Creators Update will not arrive silently in the background. Instead, Microsoft plans to notify Windows 10 users that the update is available and allow them to schedule its installation. As part of the process of scheduling that upgrade, users will have the opportunity to make "explicit choices" about privacy settings in five categories.
This is the new privacy settings setup experience that will arrive soon in a Windows Insider preview build, according to Myerson:
This setup screen replaces the Express Settings in current Windows 10 public releases, which requires multiple extra steps to adjust default settings in a clean installation and offers no control over privacy options during upgrades. (To make matters worse, some users have reported that Windows 10 upgrades occasionally reset custom privacy options to their default settings after an upgrade.)
The new interface for setting privacy options also includes an explanation of what happens if you turn any of those settings off or, in the case of the Diagnostics setting, adjust it from Full to Basic.
All of those settings, along with more granular controls (such as setting location permissions on a per-app basis) will also be available after installation, under the Privacy heading in Settings.
The changes to telemetry settings start with the renaming of the category itself, from Diagnostic and Usage Data to just Diagnostics.
In all public releases of Windows 10 so far, non-Enterprise editions allow users and administrators to choose one of three levels to control telemetry collection: Full, Enhanced, and Basic. The changes in the Creators Update will eliminate the Enhanced level and also reduce the amount of information collected when you slide that switch to Basic.
(In Enterprise settings, administrators will continue to have an additional Security option, which eliminates virtually all telemetry collection but requires the deployment of an alternative update mechanism.)
In an interview, Microsoft Corporate Vice President Michael Fortin told me that the Enhanced level was "confusing," and "only a relatively modest number of Windows 10 users were choosing it." Most people either leave the default setting at Full or signal their preference for privacy by switching to the lowest available telemetry option, Basic, he noted.
Effective with this spring's Windows 10 feature update, telemetry information collected at the Basic level will no longer include information about app installation or usage. Instead, Myerson says, information collected at that level will focus strictly on security and reliability, with basic error reporting. That change should assuage some of the concerns of the CNIL and other regulators as well as privacy critics like the EFF.
The new Windows 10 settings are available in all installations, regardless of what type of account the user has signed in with.
The privacy dashboard is a separate feature, designed to give users of Microsoft services the opportunity to see and edit information that is collected and stored in the cloud when they are signed in with a Microsoft account.
According to Myerson, the new privacy dashboard (which will be available at https://account.microsoft.com/privacy) will allow Microsoft customers, regardless of hardware platform or operating system, to review and clear data such as browsing history, search history, location activity, and Cortana's Notebook. (Note that this data is associated with a Microsoft account and is not saved in the cloud when the user browses without signing in.)
Because this dashboard is web-based, it's likely to evolve significantly over time. In an interview, Myerson told me he expects his team to iterate on that user experience in response to feedback. "What we're learning," he said, "is that people don't always understand why something is being collected and what are the implications of clearing it out. We will continuously be improving."
On paper, Redmond can make a strong case that it has an economic incentive to protect its users' privacy. As I noted last summer, privacy should be a competitive advantage for Microsoft, especially when comparing its policies and practices to those of Google, whose entire business is built on collecting data from its users and turning it into advertising profiles.
Most of Microsoft's revenue comes from selling software licenses, cloud services, and hardware. A significant share of that business is with enterprise customers and government agencies that have a profound interest in privacy and security. Indeed, Microsoft has earned generally high marks for its handling of security and privacy issues in cloud services such as Office 365 and Microsoft Azure.
Where things get somewhat murkier is with products and services aimed at consumers and small businesses. Without transparency over exactly what information is collected and how it's used, the company remains vulnerable to accusations that it's spying on customers.
As Google and Facebook have proven, the most effective way to monetize personal information is through online advertising. Microsoft once had dreams of being an advertising powerhouse, which occasionally led to struggles between product designers and ad sellers.
But the company abandoned that strategic goal five years ago when it wrote off the acquisition of aQuantive and scaled back its advertising ambitions after five years of struggling. Today, the company's advertising business is healthy but relatively small and mostly intended to monetize strategic assets such as its Bing and Cortana search tools.
In Microsoft's most recent quarter, search advertising and other forms of online ads accounted for only about 5 percent of total revenue. Contrast that with Google, which earns roughly 90 percent of its revenue from advertising and depends on collecting massive amounts of data to power the ads that pay for Google Search, Gmail, and other free products.
Without Microsoft's investments in those technologies, Google's dominance in search would arguably be a monopoly.
Still, even that small-by-Redmond-standards online search advertising business brought in about $1.4 billion in revenue in its recent quarter, up 40 percent over the previous year. Microsoft's ad business might be tiny compared to its rivals, but it's big enough for regulators and privacy advocates to worry about whether the company's data collection is being driven by its ad business.
Myerson tells me that the company has shared details about its data collection practices with large enterprise customers and regulators. "That dialog is taking place in every country where we do business," he said. "We believe users have a right to privacy and users should have control over their data."
For consumers and small businesses, the new privacy dashboard offers more control over online data, but you'll have to take Microsoft's assurances on faith when it comes to telemetry.
I asked Myerson whether Microsoft would consider contracting with an outside group, such as the EFF, to audit its data collection policies and offer an independent report.
"That's an interesting idea," he replied. "But various countries are going farther than hiring an audit firm. They're passing laws. We're making sure we're fully compliant with laws that affect Windows users."