Microsoft changes course, won't access user data in theft probes
Microsoft will no longer go through email messages and other personal data that users of its online services have stored on its servers, a decision taken after being sharply criticized for accessing a person’s inbox as part of an internal investigation.
“Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves,” said Brad Smith, Microsoft’s general counsel and executive vice president, legal and corporate affairs, in a blog post on Friday.
Instead, the company will refer the matter to law enforcement agencies if further action is required, he said.
The company subsequently amended its policies, saying that in the future a separate legal team at the company would review evidence in similar cases before deciding to access an end user’s data.
Since then, “we’ve had the opportunity to reflect further on this issue” after having internal conversations and talks with advocacy groups and other experts, Smith wrote.
“Although our terms of service, like those of others in our industry, allowed us to access lawfully the account in this case, the circumstances raised legitimate questions about the privacy interests of our customers,” Smith said.
However, it might not be a blanket promise. The company did not say whether it would also change its policies if the case involves a matter other than stolen property. Microsoft did not immediately respond to a request for comment.
Microsoft said it will incorporate the change into its customer terms of service in the coming months.