Microsoft had initially planned to introduce ads in the Windows 10 Mail app, and even set up a support page dedicated to this feature. However, following significant backlash from users, Frank X. Shaw, Microsoft’s Head of Communications, tweeted that the ad rollout wasn’t intended for broad testing and confirmed that the ads have since been disabled. Prior to this, Microsoft indicated that ads would appear for all users, regardless of whether they used Microsoft email services like Outlook or third-party services such as Gmail or Yahoo. The only way to avoid seeing these ads would be to purchase an Office 365 subscription. A pilot program for ads was running in countries like Brazil, Canada, Australia, and India to gather user feedback.
Microsoft intended for the ads to be interest-based, utilizing an advertising ID generated for each user on their device. This ID would allow both Microsoft and third-party apps to access relevant advertising information, resembling how websites use cookies to track users. While the Mail app was designed to offer ads tailored to user interests—using demographic information for those logged in with a Microsoft Account—users could opt to disable interest-based advertising. However, this would result in less relevant ads rather than complete ad elimination. Microsoft claims that it does not utilize email content, calendars, or contacts for ad targeting, which has somewhat alleviated concerns regarding personal privacy.
Nevertheless, privacy remains a significant issue. A report from Privacy Company highlights that Microsoft collects and retains user data without adequate disclosure, including tracking users’ interactions with applications like Word, Excel, and Outlook in ways that many users may not be aware of. This telemetry data collection, particularly as Microsoft moves more services to the cloud, raises marked data protection risks. Certain findings from a Data Protection Impact Assessment (DPIA) cite high concerns around the storage of sensitive data, categorization of Microsoft’s role as a data processor, and the transfer of diagnostic data outside the EEA under questionable legal agreements.
Additionally, Privacy Company recommends several measures for enterprises to mitigate these risks, such as avoiding the use of SharePoint Online and OneDrive, refraining from web-only Office 365 versions, and adopting standalone deployments for sensitive data.
In Summary
As companies navigate the balance between providing free services and maintaining user privacy, it’s vital for Microsoft to prioritize transparency and control for users over how their data is handled. While the use of targeted ads may enhance user experience, the persistent privacy concerns highlight a need for clearer communication and more stringent data protection practices. Brands that effectively address these issues can build greater loyalty among users who are increasingly aware and critical of data handling practices.
