"Privacy is important to Microsoft and an important element of design because we see it as being core to long-term business success," said Brendon Lynch, chief privacy officer at Microsoft.
Kinect, for example, has been designed with privacy in mind, Brendon Lynch said, with all biometric data linked to facial recognition and body geometry tracking stored only locally in encrypted form.
Images and data are stored only locally by default. Back-up data can be stored online only with express consent of the user, said the company.
Doing nothing without making users aware of it was a clear design principle for Kinect, said Doug Park, director online safety. He said user testing focused on safety and security and was included in the earliest phases of design.
"There is a continuing focus on safety settings, with family subscriptions designed to enable parents to manage up to four accounts, set time limits and generate reports," Doug Park said.
Microsoft has also a well-established mechanism for users to flag inappropriate content, which will be immediately taken down pending review as well as automated systems for identifying images for review.
Windows Phone is another example of privacy by design, said Lynch. All location-based data sharing in Windows Phone is switched off by default, he said. It can be turned on only with user consent, on an application by application basis.
Users are warned if applications will use location data, either on first use if the application is pre-installed, or at installation in the case of applications downloaded from the market place.
Windows Phone also enables users to switch off location sharing at any time, across all applications, or just selected applications and geo-location tags are added to images and shared only with user consent.
The policy is designed to align with all legal requirements as well as the business policy to cover everything that is appropriate to protect, he said.