Naked Security Naked Security

Microsoft update: new Ts, new Cs and, for some of us, fáilte go hÉireann

We just received an important email from Microsoft. If you're a user of any of Microsoft's cloud services, you probably received one, too.

We just received an important email from Microsoft.

If you’re a user of any of Microsoft’s cloud services, you probably received one, too.

The main point of the email is to notify customers about a new Microsoft Services Agreement and a new Microsoft Privacy Statement.

If you don’t opt out by closing your account before 01 August 2015, you’ll automatically move to the new legalisms.

That doesn’t sound too onerous, or unusual, but there are lots of Microsoft services on the list, e.g. Bing, Cortana, MSN, Office, OneDrive, Outlook.com, Skype, Windows, Xbox, as well as an unnamed catchall in the form of “other Microsoft services.”

As a result, the privacy page alone is about 1500 words in its summary form, expanding to an impressive 15,000 words or so if you hit the “Expand All” button at the top.

That’s a lot of text to wade through, to be sure – for comparison, many novels weigh in at somewhere between 50,000 and 100,000 words.

However, Google recently got into general trouble in the EU, and into specific trouble with the Information Commissioner’s Office (ICO) in the UK, for having a privacy policy that wasn’t clear enough.

With that in mind, perhaps the detail provided by Microsoft is both necessary and desirable, for all that you might begin to wilt before you get to the end of reading it.

But more interesting that the new services contract and privacy agreement, is an official change in jurisdiction – or, at least, it seems that way if you’re based in Europe.

Although the email announcing the changes is tagged with Microsoft’s Redmond, Washington address, you may just find that your new contract is no longer merely with Microsoft, but explicitly with Microsoft Ireland Operations Limited.

Presumably, this legalistic switch is a side-effect of Microsoft’s brouhaha with the US authorities over access to customer data stored in its Dublin, Ireland data centre.

The US Department of Justice (DOJ) insisted that Microsoft, being a US company, should comply with a warrant requiring it to cough up email data relevant to a criminal investigation.

Microsoft dug its heels in, saying that it would not hand over the data, because it was stored overseas where the DOJ held no jurisdictional sway.

Redmond quickly acquired a swarm of fans in the technology community as a result – something of a switcheroo from the late 1990s and early 2000s, when the DOJ went after Microsoft for anti-competitive behaviour.

Back then, at least as far as we recall, public opinion was largely on the DOJ’s side, with Microsoft cast as a corporate ogre.

How times change!

PS. What do you think of this shift? Are you a US-based (or other non-EU) user of Microsoft’s on-line services? Did you receive a similar email? Will your contractual jurisdiction be changing to Ireland, too? Please let us know in the comments.