Microsoft Proposes Self-Regulatory Approach for Online Privacy
In Federal Trade Commission filing, Microsoft advocates adoption of a more comprehensive framework to protect consumer privacy.
Microsoft's recommendations call for distinct privacy standards in five key circumstances: when site visitors' data is collected for online advertising, when ads are delivered on unrelated sites, when sites engage in behavioral advertising, when personally identifiable information is used, and when sensitive personal data is used.
The foundation of Microsoft's approach is the idea that the greater the potential risk to privacy, the greater the protection. For example, the most stringent tier requires that online advertisers receive affirmative express consent from consumers before they may use sensitive personally identifiable information such as personal health information for advertising purposes.
Today's filing was submitted in response to the FTC's request for comments on its own proposed self-regulatory principles to govern online advertising. In its comments, Microsoft commended the FTC for its ongoing efforts to protect consumer privacy and recommended that the agency broaden its focus to tackle the full array of online behavioral advertising practices, many of which are unfamiliar to consumers.
"We welcome the opportunity to work with the FTC to ensure that online consumers benefit from meaningful privacy protections," said Brad Smith, senior vice president, general counsel and corporate secretary, Legal & Corporate Affairs, Microsoft. "Online advertising should put consumers in the driver's seat, not only with the information they want to see, but also with the tools to protect their privacy."
In its comments to the agency, Microsoft called for a five-tiered framework that imposes increasing obligations depending on the type of advertising involved:
- Collecting data about site visitors. Organizations that keep records of page views or collect other information about consumers for the purpose of delivering ads or ad-related services on their own sites should post a privacy policy on the home page, implement reasonable security procedures, and retain data only as long as necessary to fulfill a legitimate business need or as required by law.
- Delivering ads on unrelated sites. Entities that engage in delivering online ads or services across unrelated third-party sites should ensure that consumers receive notice of the privacy practices of those sites.
- Behavioral advertising. Entities that seek to develop a profile of consumer activity to deliver advertising across unrelated third-party sites should also offer consumers a choice about the use of their information for such purposes.
- Use of personally identifiable information. Third parties that rely on personally identifiable information such as a name, e-mail address, physical address or phone number for delivering ads or related services across multiple sites or for behavioral advertising should, at a minimum, give consumers the ability to opt out of having personally identifiable information collected for the purpose of targeting ads.
- Use of sensitive personal data. Third parties should be required to obtain affirmative express consent before using sensitive personally identifiable information such as health or medical conditions, sexual behavior or orientation, or religious beliefs for behavioral advertising.