Europe's top data privacy agency has launched a formal investigation into Microsoft's privacy policy.
Microsoft confirmed on Tuesday that it had received a letter from the Article 29 Working Party that it would proceed with a probe. On October 26, the computer giant was notified of a preliminary investigation. The Article 29 Working Party (A29 WP) is made up of the data regulators from all European Union member states as well as the European Data Protection Supervisor (EDPS).
In the short, formal letter addressed to Microsoft Chief Executive Officer Steve Ballmer on December 17, the head of the A29 WP Jacob Kohnstamm, said that the investigation was taking place in response to changes in Microsoft's Services Agreement and the possibility that these would affect its privacy policy.
But Robin Koch, a spokesman for Microsoft in Brussels, said: "In updating the Microsoft Services Agreement we did not change our privacy policy. We are confident they will find Microsoft's long-standing commitment to privacy has not changed. And we're happy to answer any questions the officials may have."
He added that Microsoft is working on clarifying the language of the agreement to make clear its privacy commitments. Koch also reiterated Microsoft's position that although customer data may be used to improve services, such as malware and spam filters, it is never used to target advertising.
The Luxembourg data protection authority and the French data protection authority, CNIL, will take the lead in investigating the policy. Such investigations usually take a minimum of six months to complete. Companies are normally sent a questionnaire and can then respond to questions in bi-lateral talks.
Data protection is currently policed by national regulators in the European Union's 27 member states, but the state regulators generally follow the advice of the A29WP.