X

Microsoft to publish its privacy rules

Guidelines are meant to help other developers improve practices and offer a look behind the scenes at the company.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
See full bio
Joris Evers
2 min read
MOUNTAIN VIEW, Calif.--Microsoft plans in August to publicly release the privacy rules its employees have to follow when developing products.

The move, which offers a look behind the scenes at Microsoft, is meant to give the industry an example of what the software giant sees as best practices in customer privacy, said Peter Cullen, the chief privacy strategist at Microsoft.

"We think that this is information that partners and others could benefit from. Lots of people build and develop applications," Cullen said in an interview Thursday. "The privacy development standards will not only be made public, but we will actively be promoting their use so that others can benefit from what we've learned."

The privacy rules offer guidelines on providing people with proper notification and options in certain situations--for example, when a software application is about to send information via the Internet to its maker, Cullen said. Microsoft believes it is the first major software company to publish these guidelines.

"This is designed for an IT pro or a developer, in terms of: 'If you're building an application that does X, this is what we think should be built,'" he said. "The public document will use a lot of 'shoulds.' Inside Microsoft, those are 'musts.'"

While the release of the guidelines will likely not have any immediate effect on consumer privacy, it is a positive development, privacy watchers said.

"Microsoft is advancing the dialog about how privacy issues are addressed by the technology providers," said James Van Dyke, an analyst at Javelin Strategy & Research. "This will force other technology firms to similarly comply, rebut or propose alternative positions, all of which will move us closer to deciding acceptable use of private information through technology."

The company has a single, global privacy policy, Cullen said. This means that the same policy applies even in countries that have limited or no privacy regulation.

Microsoft's privacy reputation is not untarnished. Earlier this month, it faced criticism for not disclosing that one of its antipiracy tools, called Windows Genuine Advantage Notifications, pinged the company every time a PC was booted up. Microsoft has offered a public mea culpa and has said it will adjust the frequency of the calls home.

"We have a basic promise that we will be as transparent as possible," Cullen said. "We neglected the area of the notifications, so that's definitely going to be changed?It's just an oversight."

Some of Microsoft's practices are impressive and commendable, but others are badly bungled, said Ben Edelman, a spyware researcher and Harvard doctoral candidate. He supports Microsoft's plan to publish its privacy standards for developers.

"It's a fine idea," he said. "It would be easier to endorse if we could be more confident that Microsoft's own house is in order, which is suddenly a subject of some worry after the WGA issues."

(Return to CNET News.com next week for the full interview with Microsoft's Cullen.)