Out-Law News | 19 Dec 2012 | 5:07 pm | 2 min. read
The Information Commissioner's Office (ICO) told Out-Law.com that it was assisting "partners" across Europe with an investigation into recent changes to the Microsoft Service Agreement (MAS).
Bloomberg news agency had first reported that Jacob Kohnstamm, the head of the Dutch data protection authority and chairman of the EU's Article 29 Working Party, had written to Microsoft to inform it that its changes to MSA were being looked into. The Article 29 Working Party is a committee made up of representatives from the data protection authorities based in the EU's 27 member states.
A spokesperson for the ICO confirmed the probe to Out-Law.com.
"The Information Commissioner's Office (ICO) is currently working with European partners to support work by the Luxemburgish data protection authority (CNPD) and the French data protection authority (CNIL) around recent changes to the Microsoft Service Agreement," the ICO spokesperson said in a statement.
"Any organisation that processes people’s personal data must be open and upfront about how this information will be used and for what purpose. It is important to remember that service agreements and their linked privacy policies rarely break laws in themselves, and companies should be encouraged to communicate changes to how they handle personal data to their customers. If anyone feels that an organisation has not handled their information fairly then they can make a complaint to the ICO," they added.
In August Microsoft outlined changes, from 19 October, brought changes to the terms contained in the MAS.
The new terms state: "When you upload your content to the services, you agree that it may be used, modified, adapted, saved, reproduced, distributed, and displayed to the extent necessary to protect you and to provide, protect and improve Microsoft products and services."
Previously the terms stated that Microsoft could make use of users' data "solely to the extent necessary to provide the service," according to a report by The Register.
In October a Microsoft spokesman told the New York Times that the company does not "use the content of our customers’ private communications and documents to create targeted advertising". He said that "if that ever changes, we’ll be the first to let our customers know," according to the newspaper's report.
A spokesperson for the technology giant has now said that the company is "happy to answer any questions officials may have about recent changes to the Microsoft Services Agreement, which we’ve said previously do not alter our privacy policies," according to The Register's report.
In October CNIL published a document containing recommendations it said Google should adopt to remedy the concerns expressed by it and the other privacy watchdogs.
At the time CNIL said that Google does not have a "valid legal basis" to combine personal data it gathers about users from their use of more than one of its services for some purposes for which the information is collected. It said Google needs user consent to combine personal data collected from various services in some cases and said users should have access to "simple opt outs" where they have a "right to object".