Microsoft confirmed on Tuesday that it had received a letter from the Article 29 Working Party that it would proceed with a probe. On October 26, the computer giant was notified of a preliminary investigation. The Article 29 Working Party (A29 WP) is made up of the data regulators from all European Union member states as well as the European Data Protection Supervisor (EDPS).
He added that Microsoft is working on clarifying the language of the agreement to make clear its privacy commitments. Koch also reiterated Microsoft's position that although customer data may be used to improve services, such as malware and spam filters, it is never used to target advertising.
The Luxembourg data protection authority and the French data protection authority, CNIL, will take the lead in investigating the policy. Such investigations usually take a minimum of six months to complete. Companies are normally sent a questionnaire and can then respond to questions in bi-lateral talks.
Data protection is currently policed by national regulators in the European Union's 27 member states, but the state regulators generally follow the advice of the A29WP.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.