Hi, I’m Jules Cohen. I work in Microsoft’s Privacy group. I focus on our privacy strategy and helping our product teams to support our privacy principles.
In his post on July 23, 2007, Peter discussed some of the key aspects of our Privacy Principles for Live Search and Online Ad Targeting. As part of the work our team does around these principles, we’ve written a whitepaper that describes how we protect your privacy when serving ads: “Privacy Protections in Microsoft's Ad Serving System and the Process of "De-identification,"
In working on this whitepaper, we’ve focused on our first and fourth privacy principles.
Principle I states:
We will be transparent about our policies and practices so that users can make informed choices.
Principle IV states:
We will design our systems and processes in ways that minimize the privacy impact of the data we collect, store, process and use to deliver our products and services.
So, as a part of honoring the first principle we have produced a whitepaper that shares a lot of the details of how we’ve gone about implementing the fourth principle. In particular, the paper spells out the details of how we have designed our online ad targeting platform to select appropriate ads based only on data that does not personally and directly identify individual users.
I encourage you to read the paper but I’ll share the punchline up front. We use an automated one-way hash to associate non-identifying demographic and clickstream data with an ID that isn’t linked to any data that personally and directly identifies any individual user. Our systems then use that ID, rather than one that is directly connected to personal information (like your e-mail address) to serve ads. This means that neither the machines nor the folks who work on the ads systems can identify the people who are getting the ads based on the information in the ads system. We think that this is a strong privacy protection and we hope you agree.