Microsoft Scrutinized by EU Privacy Watchdogs for Policy Changes

Source: Microsoft Corp.

Microsoft Corp.'s Bing serach engine. Close

Microsoft Corp.'s Bing serach engine.

Source: Microsoft Corp.

Microsoft Corp.'s Bing serach engine.

Microsoft Corp. (MSFT)’s policy changes for its Internet products including Hotmail and Bing are being formally examined by European data protection regulators for potential privacy issues.

Updates to Microsoft’s services agreement, which took effect Oct. 19, are being formally reviewed, EU privacy regulators wrote to Microsoft Chief Executive Officer Steve Ballmer and the head of Microsoft Luxembourg. Luxembourg’s and France’s data protection commissions are leading the examination, according to the Dec. 17 letter, obtained by Bloomberg News.

“Given the wide range of services you offer, and popularity of these services, changes in your Services Agreement and the linked Privacy Policy may affect many individuals in most or all of the EU member states,” wrote Jacob Kohnstamm, who leads the association of EU data protection commissioners. They “decided to check the possible consequences for the protection of the personal data of these individuals in a coordinated procedure.”

The review will verify whether the changes could entail new risks for users’ privacy. The examination is also checking whether Redmond, Washington-based Microsoft’s privacy policy meets European standards on notifying users and allowing them a choice of services, Gerard Lommel, head of the Luxembourg privacy regulator, said in an interview in October.

Privacy Policy

“In updating the Microsoft Services Agreement we did not change our privacy policy,” said Robin Koch, a spokesman for Microsoft in Brussels. “We are confident they will find Microsoft’s long-standing commitment to privacy has not changed.”

The 27 EU data protection regulators, who work together in the so-called Article 29 Data Protection Working Party, urged Google Inc. to address concerns about its privacy policy in October following a review of changes implemented this year.

Data protection is currently policed by separate regulators across the EU. As part of an overhaul of the union’s 17-year-old rules on the issue, its executive body wants to simplify the system so companies deal with only one regulator in the region.

To contact the reporter on this story: Stephanie Bodoni in Luxembourg at

To contact the editor responsible for this story: Anthony Aarons at

Press spacebar to pause and continue. Press esc to stop.

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.