Microsoft develops Net privacy initiatives

Microsoft and the Electronic Frontier Foundation propose new ways to simplify how Web sites create and post their privacy policies.

3 min read
Microsoft and the Electronic Frontier Foundation are proposing new ways to simplify how Web sites--particularly small ones with relatively few technical capabilities--create and post their privacy policies.

The initiative involves new Privacy Wizard tools, which are free to use for Web sites that wish to set up privacy policies, plus two standards-related initiatives before the World Wide Web Consortium (W3C).

Early next week Microsoft and Truste, a business-oriented privacy organization, will post tools for creating privacy policies on the MSN LinkExchange Web site. LinkExchange, which Microsoft purchased in November, provides online tools, including an ad banner exchange, for small Net businesses.

"This makes it simple for small businesses and Web site owners to create a machine-readable privacy policy that we believe creates the foundation for a reliable trust infrastructure on the Internet," said Saul Klein, a Microsoft group program manager.

Making a policy machine-readable means it can be read automatically by a Web browser or search engine to determine whether a Web site's privacy practices are acceptable to a user. No current browsers have that capability.

Online privacy is a key concern of consumers, and last week a study from trade group Information Technology Association of America and Ernst & Young named privacy as a top barrier to the growth of Internet commerce. But only a small percentage of Web sites post privacy policies, and efforts to date have concentrated on larger companies.

The Microsoft-Electronic Frontier Foundation initiatives come as the United States and the European Union are knocking heads over privacy policies. The Europeans demand legal protections on personal data, while the United States has argued that industry self-regulation should be given a chance.

Today's announcement skirts the policy issues to focus on using technology to facilitate the exchange of information about a Web site's privacy policy with site visitors.

The goal of the announcement is for Web sites to post their privacy policies not only as text but in a computer format that a Web browser could detect when visiting a site. Then the Web user could decide what kind of personal data to give the site, depending on the user's preferences and the site's privacy policy. A standard format could automate that process.

"E-commerce and privacy go hand in hand," Tara Lemmey, president of EFF, said in a statement. "Any Web site that collects people's personal information has a responsibility to disclose how it is using that information."

The Privacy Preferences Project (P3P), a standards effort overseen by the W3C, is an industry effort to create a technology framework for communicating privacy policies no matter what the specific policies are.

"We've been very supportive of P3P," said Deirdre Mulligan, staff counsel of privacy advocates Center for Democracy and Technology. "We think there's a real need that's different from the question of whether we need or don't need legislation."

Microsoft and EFF have submitted two privacy-related "notes" for changes to P3P. One essentially takes the Privacy Wizard and submits it as a standard.

The second is a new "e-commerce data schema" that outlines privacy and security guidelines to make online buying safer for consumers. It calls for Web sites to disclose how they will use e-commerce data collected from a shopper and to abide by online enforcement mechanisms such as Truste, BBBOnline, the European Union Data Directive, and national laws.

The second e-commerce proposal was developed in conjunction with others, including AT&T.

The Microsoft-driven effort could conflict with new "digitalme" technology that Novell unveiled last month. Based on Novell's directory technology, the new tool would centralize information on a user's access rights and privacy preferences so the same data wouldn't have to be entered at each Web site. It would allow users to specify the information a specific site can retrieve.