Commitment to consumer privacy in Windows Phone 7
Posted by Andy Lees
President, Mobile Communications Business, Microsoft
Many consumers and policymakers are asking important questions about how today’s phones are collecting and using information about a phone user’s location. The discussion has intensified over the past few weeks, as the practices of two other companies in the mobile market were called into question. As a result, several members of the House of Representatives sent a letter to a number of companies that provide mobile phone services seeking clarity on this issue.
We at Microsoft believe this is an important discussion to have. To that end, below, I’ve included what we’ve shared with Congress about the ways Microsoft has taken privacy into account proactively with Windows Phone 7. (You can also find a copy of our response here.)
In just a few short years, the smartphone has become indispensable for many consumers, who use it for any number of feature-rich services. Some of those services rely on location. Location data can lead to better search results, provide useful information like local movie options and directions to the nearest coffee shop, and help you find nearby friends for an impromptu get-together. This means that companies have the ability to gather a lot of data about users.
At Microsoft, we believe that consumers should have control over the location information they share, and that the information collected should be narrowly tailored to support specific experiences on Windows Phone 7 devices. We believe that our careful and deliberate approach to user privacy in the development of the Windows Phone 7 operating system reflects Microsoft’s commitment to give users informed choices about the collection and use of location information and reflects our intent to facilitate the delivery of device location information solely at the user’s request and solely for the user’s benefit.
We believe that, when designed, deployed and managed responsibly, the location-based features of a mobile operating system should function as a tool for the user and the applications he or she elects to use, and not as a means to generate a database of sensitive information that can enable a party to surreptitiously “track” a user.
As a result of these commitments, Microsoft designed the location-based services on Windows Phone 7 with the following principles in mind:
1. User Choice and Control. Microsoft does not collect information to determine the approximate location of a device unless a user has expressly allowed an application to collect location information. Users who have allowed an application to access location data always have the option to disable access to location data at an application level, or they can disable location collection altogether for all applications by disabling the location service feature on their phone.
2. Observing Location Only When the User Needs It. Microsoft only collects information to help determine a phone’s approximate location if (a) the user has allowed an application to access and use location data, and (b) that application actually requests the location data. If an application does not request location, Microsoft will not collect location data.
3. Collecting Information About Landmarks, Not About Users. Microsoft’s collection of location data is focused squarely on finding landmarks that help determine a phone’s location more quickly and effectively. In our case, the landmarks we use are nearby Wi-Fi access points and cell towers. The information we collect and store helps us determine where those landmarks are, not where device users are located. In fact, we’ve recently taken specific steps to eliminate the use and storage of unique device identifiers by our location service when collecting information about these landmarks. Without a unique identifier or some other significant change to our operating system or practices, we cannot track an individual device.
4. Transparency About Microsoft’s Practices. Microsoft gives consumers opportunities to learn more about its location data collection practices. When the user makes a decision to allow an application to access and use location data, Microsoft provides a link to the Windows Phone Privacy Statement, which includes its own section on location services with information describing the data Windows Phone 7 collects or stores to determine location, how that data is used and how consumers can enable or disable location-based features. Additionally, at the time that Windows Phone 7 launched last November, Microsoft published a consumer-friendly Q&A in the “Help and How-To” section of its Windows Phone website to address commonly asked questions about location services and consumer privacy. This Q&A provides detailed information on how location services work for Windows Phone 7, the data Microsoft collects to provide location services, step-by-step instructions (as well as diagrams) on how to enable and disable location services on Windows Phone 7, and the methods Microsoft uses to assemble and maintain its location database. Prior to the launch of Windows Phone 7, Microsoft proactively engaged with various government and consumer organizations to start constructive dialogues regarding our location data collection and use practices.
Microsoft’s commitment to ensuring protection of consumer privacy is long-standing across all our products. Throughout the process from development to the store shelves, we seek to provide a clear understanding of our practices and simple, effective tools to help consumers protect their data. It’s a commitment that we stand by with Windows Phone 7.