Microsoft says Windows Phone shows privacy principle as US inquiry analyses location data

Windows Phone and Kinect are both examples of Microsoft's principle of privacy by design the software firm applies to all products and services, it said.

Windows Phone and Kinect are both examples of Microsoft's principle of privacy by design the software firm applies to all products and services, it said.

"Privacy is important to Microsoft and an important element of design because we see it as being core to long-term business success," said Brendon Lynch, chief privacy officer at Microsoft.

Kinect, for example, has been designed with privacy in mind, Brendon Lynch said, with all biometric data linked to facial recognition and body geometry tracking stored only locally in encrypted form.

Images and data are stored only locally by default. Back-up data can be stored online only with express consent of the user, said the company.

Doing nothing without making users aware of it was a clear design principle for Kinect, said Doug Park, director online safety. He said user testing focused on safety and security and was included in the earliest phases of design.

"There is a continuing focus on safety settings, with family subscriptions designed to enable parents to manage up to four accounts, set time limits and generate reports," Doug Park said.

Microsoft has also a well-established mechanism for users to flag inappropriate content, which will be immediately taken down pending review as well as automated systems for identifying images for review.

Windows Phone is another example of privacy by design, said Lynch. All location-based data sharing in Windows Phone is switched off by default, he said. It can be turned on only with user consent, on an application by application basis.

Users are warned if applications will use location data, either on first use if the application is pre-installed, or at installation in the case of applications downloaded from the market place.

Windows Phone also enables users to switch off location sharing at any time, across all applications, or just selected applications and geo-location tags are added to images and shared only with user consent.

According to Lynch, all Microsoft products and services are subject to a single privacy policy that incorporates the core principles of privacy found in the major privacy frameworks and regulations.

The policy is designed to align with all legal requirements as well as the business policy to cover everything that is appropriate to protect, he said.

Microsoft's privacy policy is 98% global policy, said Lynch, with only around 2% not matching specific regulations in some regions.

Microsoft shares location data source code for review of Wi-Fi information harvesting >>

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.