Before joining Microsoft, Brendon led the privacy and risk solutions business at software maker Watchfire. Prior to entering the software industry in 2002, Brendon spent nine years in Europe and North America with PricewaterhouseCoopers, where he provided privacy and risk management consulting services. Brendon serves as Chairman of the International Association of Privacy Professionals (IAPP) Board of Directors, is a Certified Information Privacy Professional (CIPP) and holds a business degree from the University of Waikato, in his home country of New Zealand.
Posted by Brendon LynchChief Privacy Officer, Microsoft
Today, Microsoft announced Windows 8 has reached Release Preview and Internet Explorer 10 in Windows 8 will have “Do Not Track” (DNT) on by default. This post includes additional thoughts about this important milestone in our effort to advance trust and consumer privacy online. Internet Explorer 10 on Windows 8 will be the first browser to have DNT on by default. Consumers can change this setting, but the default will be to send the DNT signal to websites that consumers visit.
With Windows 8’s recent release to manufacturing, we know many people are interested in how customers will discover Do Not Track (DNT) in Internet Explorer 10. DNT will be enabled in the "Express Settings" portion of the Windows 8 set-up experience. There, customers will also be given a "Customize" option, allowing them to easily switch DNT "off" if they'd like.
This approach is consistent with Microsoft's goal of designing and configuring IE features to better protect user privacy, while also affording customers control of those features. It also underscores that the privacy of our customers is a top priority for Microsoft.
As part of our ongoing efforts to strengthen privacy for consumers, Microsoft recently announced that the next version of Internet Explorer (IE 10) will include the Do-Not-Track (DNT) feature turned “on” by default.
There has been a lot of public debate about tracking users’ activities on the Internet, including for the purposes of targeted advertising. Although there definitely are important benefits from targeted ads, many people are not comfortable receiving them. For example, results of a recent study by the Pew Internet & American Life Project show 68 percent of respondents were “Not OK” with targeted advertising because they don’t like having their online behavior tracked and analyzed.
Accountability has been a globally recognized principle of privacy and data protection for more than three decades. But in the past few years, an important effort has been under way to clearly delineate what accountability—and the related concept of responsibility—means for organizations that collect, store and process information.
To help advance this critical conversation, today we are publishing an accountability-based analysis of Microsoft’s privacy program. We are releasing the paper to coincide with meetings at the European Parliament in Brussels this week of The Accountability Project co-hosted by the Centre for Information Policy Leadership and the European Data Protection Supervisor as part of a global Accountability Project.
As we engage with people around the world, it is clear that privacy issues are top of mind for consumers, businesses, governments and policymakers. It seems like every day there is a new story highlighting concerns related to the collection, use and protection of personal data. Legislators and regulators are carefully monitoring the landscape, and actively exploring ways to protect consumers’ privacy. Meanwhile, consumers are getting more engaged, and asking important questions about how data is protected.
To advance this discussion, Microsoft is launching a series of privacy conversations at our Innovation & Policy Center in Washington, D.C. Microsoft has a longstanding commitment to privacy, and works hard to earn the trust of customers around the world by, in part, developing and adopting meaningful privacy practices.
Privacy is a top priority for many users of cloud computing, so Microsoft today is releasing a white paper that details many of the specific data protection policies, procedures and tools that have been integrated into Office 365, our newest cloud productivity service.
I recently returned from a two-week trip to discuss a range of privacy topics with customers and regulators in Australia and New Zealand. In virtually every conversation, I was asked about Microsoft’s approach to data protection in our cloud services. Microsoft representatives around the world report hearing similar questions regularly in each of their regions.
I spent last week in Brussels with privacy regulators and practitioners from around the world, many of whom were there for the IAPP European Data Protection Congress. It’s an important time for privacy globally, and I want to share a few of my insights from the week (including my keynote address to the conference and a separate event we hosted on transatlantic privacy) and how they apply to what we’re doing to advance privacy at Microsoft.
Today, I am representing Microsoft in a Location Based Services Forum hosted by the Federal Communications Commission (FCC) to discuss how consumers can harness the potential of location-based services while still protecting their privacy. Location-based services have become indispensable for many consumers as they unlock rich, rewarding and personalized online experiences – particularly on mobile phones. We commend the FCC for convening stakeholders in a forum that explores the benefits individuals can reap from new services while actively engaging to protect their personal information. The Forum will include discussions on Privacy by Design and consumer education.
Technologies and services that track, analyze and share individuals’ movements have proliferated in recent years. With more and more people connecting to the Internet through mobile devices, and with location based services surging in popularity, new concerns are emerging about how individuals’ movements are tracked and analyzed.
In recognition of Data Privacy Day on Jan. 28, Microsoft is releasing new research on consumer awareness of location based services and their privacy implications. We commissioned a survey of 1,500 people in the U.S., United Kingdom, Canada, Japan and Germany to evaluate consumers’ understanding and use of location based services. We found that respondents expressed strong concerns about privacy and how location-based data is compiled and used:
Posted by Brendon LynchChief Privacy Officer and Senior Director, Trustworthy Computing
Last night, Microsoft was honored to accept the 2010 HP-IAPP Privacy Innovation Award for Technology. The award was presented by the International Association of Privacy Professionals (IAPP), the world’s largest association of privacy professionals, during the IAPP Privacy Academy conference in Baltimore, MD, USA. We won the award for U-Prove, a security and privacy-enhancing technology that helps people protect their identity-related information. U-Prove uses tokens that make it possible for people to protect their identities by enabling them to disclose only the minimum amount of information needed for a transaction – sometimes no personal information may be needed at all. We are delighted that our fellow privacy professionals have recognized the innovative nature of the U-Prove technology and Microsoft’s commitment to enable privacy in identity systems. We have taken an initial step to make the U-Prove technology broadly available to software developers under an open source license.
Posted by Brendon LynchChief Privacy Officer
New technology, powerful handheld computing devices, and inexpensive data storage have enabled a wide array of online services that help people connect, collaborate and get things done. Today, more than two billion people use the Internet. That’s a staggering number, and it has doubled in the last five years.
These trends have fueled the adoption of business models that rely heavily on the collection and processing of data. The growth of cloud computing services, which enable online storage and processing of vast amounts of data, offers great benefits to society.
However, consumers, privacy advocates and policy makers alike have legitimate concerns about potential threats to data protection and personal privacy online and in the cloud.
Microsoft understands these concerns and is actively working to address them.
Years ago, we recognized the critical importance of privacy to our customers. And, as a result, we have invested heavily to build what we believe are some of the strongest privacy programs in our industry, which are part of our broader support for Trustworthy Computing.
Posted by Brendon Lynch
Chief Privacy Officer, Microsoft
The Federal Trade Commission today released a major report on consumer privacy online. You can read the report here.
Microsoft has long recognized the critical importance of privacy to our customers. Our internal tools and processes help ensure that privacy is incorporated into Microsoft products and services.
Internet Explorer 8 has some of the most robust privacy features on the market, including being the first to introduce InPrivate Browsing, rich integrated cookie controls, and still being the only browser to offer consumers InPrivate Filtering. Internet Explorer 9 will continue this focus and leadership on enabling our customers’ choice and control with respect to their online privacy.
We appreciate the Federal Trade Commission’s efforts to advance consumer privacy protections and welcome the opportunity to review the FTC’s Privacy Report. We were pleased to participate in the series of roundtables that formed the basis for the report, and support the FTC’s continued work to engage all interested stakeholders on these important issues.
Today, I’m happy to share a new Microsoft publication, Building Global Trust Online: Policy Perspectives on Privacy, Safety and Security. It’s intended as a starting point for discussions with policymakers on these important and sometimes difficult issues and also provides good insights into Microsoft’s perspective on key issues. Building Global Trust Online relies on extensive work and ongoing research by Microsoft’s internal teams as well as consultation with external subject-matter experts.
Within Building Global Trust Online, you’ll find overviews of key issues; a summary of Microsoft’s response to these issues, which includes products, services and global collaborations; and a list of helpful resources and links for further reading and support.
Last week, we launched a consumer privacy awareness campaign to educate people about the tools and technologies Microsoft provides to help protect their personal information online.
As part of our ongoing commitment to privacy, Microsoft has included improvements to our support of the World Wide Web Consortium’s (W3C) Do Not Track (DNT) effort in the Windows 8.1 Preview released at Microsoft’s Build conference last week. Specifically, the new version of Internet Explorer (included with the Windows 8.1 Preview) is the first major browser to implement User-Granted Exceptions from the W3C's Tracking Protection Working Group’s specification effort. The Do Not Track exceptions capability in Internet Explorer, which we refer to as the “permissions API” (application programming interface), enables websites to ask for an exception to a consumer’s DNT setting and provides a mechanism for that permission to be stored and communicated to the website in the future. Enabling consumers to grant permission to a particular website or service for collection and use of their information, even when DNT is on for other sites, reflects feedback that we heard clearly during discussions. You can try out the new functionality, when using the Windows 8.1 Preview, here.
Our customers expect strong privacy protections to be built into Microsoft technologies, so we make privacy a priority. Our inclusion of Do Not Track (DNT) in Internet Explorer 10 and Internet Explorer 11 is an example of how we strive to meet these expectations.
We believe DNT holds potential to help people better manage their privacy online. However, until stakeholders collectively agree on what DNT means and how websites should respond to the DNT signal, its promise will not be fully realized. Microsoft has been steadfastly committed to and engaged in the W3C's Tracking Protection Working Group’s efforts to define a DNT standard. Developing standards that work across an entire industry is often difficult, but the benefits make the effort worthwhile.
Posted by Brendon LynchChief Privacy Officer, Microsoft
We at Microsoft focus on privacy protections for our customers every day of the year. On Jan. 28, we join others across private and public sectors around the world to mark Data Privacy Day (DPD) – which is also known as Data Protection Day in Europe where it began in 2006. In support of the day’s focus on educating and empowering people, I’ll be participating in a DPD panel discussion hosted by the National Cyber Security Alliance (NCSA) in Washington, D.C. on Jan. 28, and will share the results of a new Microsoft commissioned survey that measured online privacy perceptions among technology savvy individuals in the U.S. and four European countries (Belgium, France, Germany and the UK).
Our panel discussion will focus on “Notice and Consent: Innovating a New Path Forward,” where we’ll explore the complex opportunities and challenges that businesses, civil society and government must overcome to adapt traditional privacy models for the era of big data and the Internet of Things.