Microsoft cookie replacement plans cook up security storm

"Privacy" written atop a circuit board

Microsoft is allegedly working on a replacement for the ubiquitous cookie that would enable the company to track users across all its devices, including Windows desktop and tablet computers, smartphones and its Xbox One next generation gaming console.

According to Advertising Age, the Redmond giant is currently in the early stages of developing the technology in-house for a gradual rollout across its devices and services at an unspecified later date.

Their strategy of removing legal controls on what they do is very dangerous.

According to the publication, the cookie replacement would be used as a device identifier "meaning consumers could give permission for its advertising use when opting in to a device's regular user agreement or terms of service. Microsoft would then become directly responsible for users' data," it states.

In a statement a Microsoft spokesperson told IT Pro: "Microsoft believes going beyond cookies is important. Our priority will be to find ways to do this that respect the interests of consumers."

Microsoft's chief marketing and strategy officer, Yusef Mehdi, also alluded to a unified advertising strategy across platforms at the National Advertisers' Masters of Marketing Conference, according to Advertising Age, who quoted him as saying: "We are trying to bridge some of the world between online and offline. That's a little bit of a holy grail in terms of how you understand the consumer in that 360 degrees of their life.

"We have a pretty unique position at Microsoft because of what we do with digital, as well as more and more with television because of the Xbox. It's early days, but we're starting to put that together in more of a unifying way, and hopefully at some point we can start to offer that to advertisers broadly."

The Microsoft spokesperson told IT Pro: "We have a long-standing commitment to your privacy and will not target ads to you based on any data [collected] unless you choose to allow us to do so. Furthermore, we will give you a clear explanation of what is collected and how it will be used.

"Importantly, we do not collect your personal information to share or sell to third parties, and you are fully in control over what personal data is shared. We have strict policies to protect your privacy and these policies will continue to be upheld with our next generation product."

However, Jim Killock, executive director at privacy campaigners the Open Rights Group, cast doubt on Microsoft's reassurances.

"The problem is a lot of this data may be held in pseudonymous form and there is a big lobbying effort from Microsoft and other tech companies to exclude pseudonymous data from a great deal of data protection," he told IT Pro.

"These companies are trying argue to the EU that if you strip out personal details from data then it is no longer personal data. They say end users shouldn't therefore have any control over the data once that has been done.

"So whatever they are saying, I think their strategy of removing legal controls on what they do is very dangerous and should tell us more than their wordy legalese," Killock concluded.

Jane McCallion
Managing Editor

Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.