Microsoft promises not to use customer data for ads

Microsoft today said it had signed up to an international cloud privacy standard as part of its commitment not to use enterprise customer data for advertising.

In a blog post today, Microsoft head legal officer Brad Smith said the company had adopted the ISO/IEC 27018 standard, which establishes controls and guidelines for implementing measures to protect personally identifiable information (PII) for public clouds.

Along with banning the mining of enterprise customer data for targeted advertising, the cloud privacy standard's code of practice also requires Microsoft to disclose when governments access PII in the cloud - unless legally prohibited.

Microsoft's move to strengthen privacy and limit access to data stored in the cloud is in contrast to Google's policies, which state the search engine giant will scan and index emails for several purposes, including serving up relevant advertising. 

Google's automated scanning of email landed the company in legal hot water last year, when a United States court said its actions might breach the country's anti-wiretapping laws.

Smith said Microsoft Azure, Office 365 and Dynamics CRM Online had been verified by the British Standards Institute as being aligned with the ISO/IEC 27018 code of practice for protecting PII. 

The ISO/IEC 27018 standard also sets out controls around how PII data is processed, and ensures customers are told where their information is located and if any third-party contractors need to access it.

Mandatory data breach notification is also part of the standard.