Craig Mundie. (Microsoft file photo)
Craig Mundie. (Microsoft file photo)

It’s inevitable that companies will collect an array of data about people and their online activities. So rather than trying to prevent that data collection from happening, consumers should instead be given the ultimate control over how data is used.

That’s the contention of a recent report from the World Economic Forum’s Rethinking Personal Data initiative. In many ways it’s a blueprint for how Microsoft wants online privacy to evolve. One of the members of the steering committee for the report was Craig Mundie, the longtime Microsoft executive who now serves as senior adviser to Microsoft CEO Steve Ballmer.

One of the report’s recommendations is to use “personal data vaults” that would “empower individuals with their data, allowing them to aggregate, store, find, securely share and get value from data about them and their lives.”

Microsoft is in a unique position on this topic compared with some other tech giants, such as Facebook and Google, which count much more heavily on advertising revenue. The targeting of ads today relies significantly on the tracking of users’ web activities. The Redmond company has also found itself at odds with the ad industry over its decision to activate the “Do Not Track” feature in Internet Explore 10 by default.

Mundie talked with reporters about Microsoft’s views on the topic during an event this week on the Microsoft campus. Here’s a portion of his remarks.

We concluded that from a policy and even a technology point of view, the current model around privacy can’t survive. … You’re just observed from so many quarters. … Even if I told you all the things that somebody had, could you possibly know how they would be aggregated? Our view is no, you can’t.

What we’ve been advocating for, and we’re working on now around the world with data regulators and others, is to develop a new model, which is based on controlling usage, not controlling collection and retention of the data. When you ask somebody, “Do you like this or not like this?” it’s always a usage question. Not, “Was it bad that I had the data?” Not really, it’s only bad that you did that thing to me.

We’re going to try to move our products in a direction where people are ultimately given a choice to permit or not permit a use, as opposed to trying to permit or not permit the existence of data, which we think is out of their control now. We’re very active in this with the policy people from around the world, and we’re really trying to think, how would we enlist the computer’s help in administering such a model, and we think we know how to do that. Now we have to get the consumer and ultimately the regulator to agree that that is going to be the new way.

So do you agree? Does this sound better or worse than the system today?

Like what you're reading? Subscribe to GeekWire's free newsletters to catch every headline


  • KDV…

    I totally agree with MS’s approach to the collection of personal information. Why wouldn’t we as individuals want to “control” (if that’s possible) information about us? I just hope the tide has not gone too far in the collection of our information to turn it back to allowing us to decide how it’s used,

  • jdubray

    There are three paradigm shifts that need to happen simultaneously for that kind of evolution to happen:
    – activities over knowledge
    – small data over big data
    – trusted data sharing over “sniffing around”

    With mobile terminal, it is now much easier to understand the task a user is trying to accomplish (and its context). Merchants no longer have to guess why you want to buy a product and can understand when you no longer need to buy that product (hint, just by looking at your To Do list).

    Merchants need to realize that Small data is far more valuable (and far less costly) than Big Data: Small Data is the data that an end user would willfully pass to algorithm in exchange of a better user experience. Merchant no longer need to collect and tie that information to my identity because the right pieces of information are all in one place (my mobile device) and can passed in real-time to algorithm.

    Mobile OSes have a unique position to mediate the sharing of trusted data (unlike the browser) because unlike Web sites and browsers, Platform operators can establish, realize and enforce a PII contract with App developers.

    More ideas developed here:

    Kudos to Microsoft for taking lead that effort.

  • Umamimami

    Cisco Connected World Technology Report found that 91 percent of Gen Y (18-30) believe that the age of privacy is over. One-third of respondents (n=1800) maintain that they are not worried about information captured and stored about them, and are willing to sacrifice personal information for online socialization.

    It’s about time we get control over how our data is used.

  • snowyegret

    I think this could be worse because it gives the illusion of control and I doubt that control will last for two seconds. Companies will require you to check the box surrendering control of your data if you want to get to the next screen to complete your transaction or whatever it is you’re trying to accomplish. Just as you have to check the box to agree with all of the horrendously onerous Terms of Use when you are installing software. And just as you have to agree to surrender the right to a class action suit or trial before a jury and instead submit to industry-dominated arbitration to settle disputes with a company. OF COURSE, you have a right to refuse to check all these boxes, but in the process you will be condemning yourself to live in the last century because of all of the services and products you will forfeit as a result.

    • Umamimami

      Microsoft has launched a beta of a user privacy dashboard. Head over to and sign in with your MS account.

      If you don’t have a MS account you’re still able to make some choices as to what ads you want to see:

      The MS dashboard is still in beta and could perhaps offer more insight and choices, but it’s a step in the right direction and could inspire others to make something similar.

  • ImSpartacus

    Perhaps Microsoft’s Craig Mundie can advise Microsoft founder Bill Gates on student data security and personal control –

    • guest

      Not sure what you’re talking about. The linked article suggests a fair amount of effort went into security. But nothing that runs across the public internet can be guaranteed 100%.

      • ImSpartacus

        There is no mechanism for a parent to exclude private and personal child data. And since anyone can access the data for any ‘educationa’l purpose, security is not relevant.

  • rufus

    The data sellers like google and facebook need to start paying the content providers (us). That is the only model that will work, because people will pay attention to their data vault when they realize that managing it properly pays better. And those who want to make the most can just check the ‘share everything’ box on their data vault. If Microsoft would implement this strategy by implementing ‘pay to use’ data vaults for all their users, they could destroy google in a hurry.

  • Guest

    Mundie, like much of MS’s failed senior team, is still working under the delusion that this is the 90’s and MS is in a position to shape industry direction. It isn’t. The people who are, including Google and the myriad of popular services that are ad-supported, will never agree to this plan. And without their participation it goes nowhere. Instead of coming up with grandiose and self serving schemes to change the industry, maybe Mundie et al should concentrate on things within MS’s control – like fixing W8 and WP, or coming up with a viable strategy for the Post PC world now that MS has lost the mobile and tablet markets, thanks in part to what Mundie couldn’t deliver in his previous role.

  • Brent

    “is to develop a new model, which is based on controlling usage, not controlling collection and retention of the data”

    Then why did IE 10 adopt a default DNT signal, which is aimed at the latter? I actually agree with the IE team’s position and think Mundie’s tracking and collection is inevitable is a copout. But shouldn’t MS at least strive to be consistent in its message? Like ever?

    On the issue itself, a lot of people willingly gave up their privacy in return for access to free software and services. I get that, and if you want control back on that then you’re probably SOL. A lot of other people, particularly younger ones, aren’t as concerned about privacy at all. I get that too, though recent incidents (e.g. people not getting hired because of something they said on FB) may slowly change that. For me though, I’m very stingy in the data I give up to use a service, I do care about privacy, but even with some decent technical training I have no idea how much of my data has been collected/resold anyway w/o my knowledge or permission. That part, at least, is unacceptable and needs to change.

  • End the clown show

    translated: Despite losing more than $15 billion trying, Bing has failed to take any share from Google and Gapps is a growing threat to Office. So the increasingly desperate and out of touch management of MS, having already discounted the option of innovating more on either front because that would be too darn hard, has decided that “privacy” is the new “patent” weapon of choice. And even though the latter didn’t slow Google down at all with Android, the ever optimist clowns running MS believe it will work here.


Job Listings on GeekWork