Michael D. Hintze: Written Testimony Before the Committee on Commerce, Science & Transportation United States Senate

Statement of Michael D. Hintze, Associate General Counsel, Microsoft Corporation
“Privacy Implications of Online Advertising”
July 9, 2008

Chairman Inouye, Ranking Member Stevens, and honorable Members of the Committee, my name is Michael Hintze, and I am an Associate General Counsel of Microsoft Corporation. Thank you for the opportunity to share Microsoft’s views on the important privacy issues presented by advertising on the Internet. We appreciate the initiative that this Committee has taken in holding this hearing, and we are committed to working collaboratively with you, the Federal Trade Commission, consumer groups, and other stakeholders to protect consumers’ privacy interests online.

Much is at stake with respect to the issues we will be considering today. Online advertising has become the very fuel that powers the Internet and drives the digital economy. It supports the ability of websites to offer their content and services online; it has created new opportunities for businesses to inform consumers about their products and services; and it allows consumers to receive ads they are more likely to find relevant. Simply stated, the Internet would not be the diverse and useful medium it has become without online advertising.

At the same time, online advertising is unique because it can be tailored automatically to a computer user’s online activities and interests. An online ad can be served based on the website a user is visiting, the searches a user is conducting, or a user’s past Internet browsing behavior, among other things. In each instance, serving the online advertisement involves the collection of information about consumers’ Internet interactions. And this data collection has implications for consumer privacy.

The objective we face is to maintain the growth of online advertising while protecting consumer privacy. This is a commitment Microsoft embraces. We recognize that consumers have high expectations about how we and other Internet companies collect, use, and store their information. Consumers must trust that their privacy will be protected. If the Internet industry fails to meet that standard, consumers will make less use of online technologies, which will hurt them and industry alike.

It also could hurt the U.S. economy. E-commerce sales reached $136.4 billion in 2007, an increase of 19% from 2006, according to the U.S. Census Bureau. In comparison, total retail sales in 2007 increased only 4% from 2006. If consumers feel that Internet companies are not protecting their privacy, the Internet’s ability to serve as an engine of economic growth will be threatened. This means that Microsoft, and all companies operating online, must adopt robust privacy practices that build trust with consumers.

Microsoft has a deep and long-standing commitment to consumer privacy. Microsoft was one of the first companies to appoint a chief privacy officer, an action we took nearly a decade ago, and we currently employ over 40 employees who focus on privacy full-time, and another 400 who focus on it as part of their jobs. We have a robust set of internal policies and standards that guide how we do business and how we design our products and services in a way that respects and protects user privacy. And we have made significant investments in privacy in terms of training and by building our privacy standards into our product development and other business processes.

In general, three key principles have guided our approach to privacy issues:

Transparency. We believe consumers should be able to easily understand what information will be collected about them and when. They also should know how such information will be used and whether it will be combined with other information collected from or about them.

Control. We believe consumers should be able to control whether their personal information is made available to others and should have a choice about whether information about their online activities is used to create profiles for targeted advertising.

Security. Consumers and their information should be protected against outside threats and from unwanted disclosure. Data that directly identifies individual consumers, such as name and email address, should not be stored in direct association with search terms or data about Web surfing behavior used to deliver ads online. And strict data retention policies should apply to search data.

Today, I will discuss why we believe these principles are important, how we have put each of these principles into action, and how they underlie Microsoft’s approach to privacy in online advertising. But first I would like to provide an overview of how online advertising works, the role that consumer data plays in serving online ads, and the online advertising market.

Online Advertising and the Role of User Data

Consumers today are able to access a wealth of information and a growing array of services online for free. Websites can offer this content and these services for free because of the income they receive from advertising. Just as newspapers and TV news programs rely on traditional advertising, online news sites and other commercial websites rely on online advertising for their economic survival. Online advertising is particularly critical for the thousands of smaller websites that do not publish through offline channels and thus depend entirely on the revenue they receive from selling space on their websites to serve ads online. It is also critical for smaller businesses that serve niche markets (e.g., out-of-print books on European history) who rely on online advertising to reach those niche audiences cost-effectively; indeed, many of these businesses could not survive without it.

The importance of online advertising is evident from its growing share of the overall advertising market. It accounted for $21 billion of the market in 2007 and is expected to grow to $50 billion in the next three years. In the United States, online advertising spending already exceeds spending for advertising through radio, magazines, and cable television.

One reason for this rapid growth is the ability to target online ads to Internet users. Newspaper, magazine, and television advertisements can, of course, be targeted based on the broad demographics of readers or viewers. But the Internet is interactive, and this interaction yields a wealth of data about users’ activities and preferences. Each search, click, and other user action reveals valuable information about that user’s likely interests. The more information an entity collects, the greater that entity’s ability to serve an advertisement that is targeted to the user’s interests. This targeting benefits users, not only because it enables the free services and content they enjoy, but also because the ads they see are more likely to be relevant. And it benefits advertisers because users are more likely to respond to their ads.

There are a variety of ways in which data can be collected about users to serve targeted ads on the Internet. Users reveal information about what they are looking for when they search online, and ads can be targeted to their search queries. Advertising networks enter into agreements with websites that allow them to display ads; to deliver and target those ads, data is gathered about the pages users view and the links users click on within those sites. And new business models are emerging where data about users’ online activities can be collected through a user’s Internet service provider, and ads can be served based on that information. In general, most data collection happens in connection with the display of ads. This means the entity that serves the most ads (search and/or non-search ads) will also collect the most data about users.


The online advertising ecosystem has undergone significant changes in the past few years. There continue to be millions of websites that display online ads and thousands of advertisers who use online advertising. However, there is a relatively small number of so-called advertising networks, or “middlemen,” to bring advertisers and websites together to buy and sell online ad space. And the number of companies playing this intermediary role has decreased significantly in recent months as a result of consolidation in the industry.

This market consolidation impacts the privacy issues we are discussing today in several ways. First, it is important to recognize that in the past, advertising networks typically did not have direct relationships with consumers. Today, however, the major ad networks are owned by entities — such as Microsoft, Google, and Yahoo! — that provide a wide array of Web-based services and, therefore, often have direct relationships with consumers. This increases the potential that data collected through online advertising will be combined with personally identifiable information. While Microsoft has designed its online advertising system to address this concern, no ad network is required to do so.

Further, as noted above, there is a direct connection between the market share of an advertising network or an online search provider and the amount of data collected about a user’s online activity. For example, the larger the share of search ads a company delivers, the larger number of users’ online search queries it collects and stores. Similarly, the larger the share of non-search ads an advertising network delivers across the Web, the larger number of users’ page views it collects and stores, and the more complete picture of individuals’ online surfing behavior it is able to amass. Today, Google AdWords is the leading seller of search advertising. Google also has the leading non-search ad network, AdSense. Google recently expanded its reach into non-search by acquiring DoubleClick. By comparison, Microsoft is a relatively small player in search ads, and its reach in non-search advertising is also smaller than Google’s. Google’s growing dominance in serving online ads means it has access to and collects an unparalleled amount of data about people’s online behavior.

There also is a critical relationship between competition and privacy that must not be overlooked in this discussion. Competition ensures companies have an incentive to compete on the basis of the privacy protections they offer. On the other hand, a dominant player who is insulated from competitive pressure has little reason to heed consumer demand for stronger privacy protections and faces no significant competitive pressure from other firms offering superior privacy practices. Indeed, if a dominant player could generate additional profits by diluting its privacy practices, there is a significant risk it may do so. This could bring about a “race to the bottom” on privacy as other companies weaken their privacy practices in an effort to catch up to the market leader.

Yahoo! and Google’s recently announced agreement raises important questions in this regard. Under the agreement, Yahoo! will outsource to Google the delivery of ads appearing alongside Yahoo!’s search engine results. This has the potential to give Google, the market leader, further control over the sites and services where ads are served, enabling Google to collect even more data about computer users and potentially to combine that data with the personal information it has on those users. It also will reduce competition in the search advertising market, and thereby weaken Google’s incentives to compete on the quality of its privacy practices. Both of these outcomes have implications for consumer privacy.

Microsoft’s Commitment to Privacy in Online Advertising

Microsoft recognizes the role that data plays in online advertising and the corresponding importance of protecting consumer privacy. To guide our approach to data collection for online advertising, we released Microsoft’s Privacy Principles for Live Search and Online Ad Targeting last July. We are deeply committed to these principles, which focus on bringing the benefits of transparency, control and security to the protection of consumers’ data and privacy online.


I want to first touch upon the importance of transparency. Transparency is significant because it provides consumers with an informed understanding of a company’s data collection practices, of how their data might be used, and the privacy controls available to users. Without transparency, consumers are unable to evaluate a company’s services, to compare the privacy practices of different entities to determine which online products and services they should use, or to exercise the privacy controls that may be available to them. Transparency also helps ensure that when consumers are dealing with a company that has adopted responsible privacy practices, they do not needlessly worry about unfounded privacy concerns, which could prevent them from taking advantage of new technologies.

Transparency is also essential to ensure accountability. Regulators, advocates, journalists and others have an important role in helping to ensure that appropriate privacy practices are being followed. But they can only examine, evaluate and compare practices across the industry if companies are transparent about the data they collect and how they use and protect it.

Transparency is especially important with respect to online advertising. This is because consumers may not understand the types of information that entities collect or log in providing advertisements online. For example, many consumers may not realize that information about the pages they are viewing, the searches they are conducting, or the services they are using may be collected and used to deliver online ads.

For this reason, Microsoft believes that any entity that collects or logs any information about an individual or computer for the purpose of delivering advertisements online should provide clear notice about its advertising practices. This means posting a conspicuous link on the home page of its website to a privacy statement that sets forth its data collection and use practices related to online advertising. Consumers should not be required to search for a privacy notice; it should be readily available when they visit a website. This obligation should apply to entities that act as ad networks, as well as to websites on which ads appear — whether they display ads on their own or rely on third parties to deliver online advertising.

In addition to being easy to find, the privacy notice must be easy to understand. While many websites have publicly posted a privacy notice, this alone is not enough. Too often, the posted privacy notice is complex, ambiguous and/or full of legalese. These notices make privacy practices more opaque, not more transparent. Instead, short and simple highlights are essential if consumers are to easily understand a company’s information practices. It helps avoid the problem of information overload, while enabling consumer awareness.

Finally, to ensure that the consumer can be fully informed, the privacy notice should also describe the website’s data collection and use activities in detail. This includes, at a minimum, descriptions of the types of information collected for online advertising; whether this information will be combined with other information collected from or about consumers; and the ways in which such information may be used, including whether any non-aggregate information may be shared with a third party.

Microsoft has embraced these obligations. We post a link to our privacy notice on every page of our websites, including the home page. We also were one of the first companies to develop so-called “layered” privacy notices that give clear and concise bullet-point summaries of our practices in a short notice, with links to the full privacy statement for consumers and others who are interested in more detailed information. And our privacy statement is clear about the data we collect and use for online advertising. Further, we have released more detailed information about our practices, such as a white paper that describes the methods we use to “de-identify” data used for ad targeting. To illustrate our efforts to be transparent about our practices, we have included in Appendix 2 screen shots of the privacy link available on the home page of our Windows Live search service and of our layered privacy notice, including both the short notice and our full online privacy statement.


The second core principle Microsoft looks to in protecting our customers’ privacy is user control. Consumers should have a choice about how information about their online activities is used, especially when that information can be aggregated across multiple websites or combined with personal information. Microsoft has made consumer control a key component of our practices online.

As an example, Microsoft has recently deployed a robust method to enable users to opt out of behavioral ad targeting. As background, most industry players that offer consumers a choice about having information about their online activities used to serve behaviorally targeted ads do so by offering consumers the ability to place an “opt-out” cookie on their machines. In general, this process works well, but it does have some inherent limitations. For example, opt-out cookies are computer-specific — if a consumer switches computers, he or she will need to specify any opt-out preferences again. Further, if cookies are deleted from the user’s PC, that user’s opt-out choice is no longer in effect. To address these limitations, Microsoft now gives consumers the option to tie their opt-out choice to their Windows Live ID. This means that even if they delete cookies on their machine, when they sign back in their opt-out selection will persist. It also means that a single choice can apply across multiple computers that they use. This will help ensure that consumers’ choices are respected.

Microsoft also has committed to respecting consumers’ opt-out choice on all sites where it engages in behavioral advertising. This means that consumers are offered a choice about receiving behaviorally targeted ads across both third-party websites on which Microsoft delivers behaviorally targeted ads, as well as Microsoft’s own websites. This is important because consumers reasonably expect that the opt-out choice offered by a company would apply on all websites where that company engages in behavioral advertising practices. This is another example of where we have committed to going beyond standard industry practice to better protect the interests of consumers.

We also recognize it is appropriate that the level of consumer control may vary depending on the data that will be used to serve an online ad. For example, many consumers have serious reservations about the receipt of targeted advertising based on the use of certain categories of personally identifiable information, particularly those that may be considered especially sensitive. Thus, we have proposed that companies should obtain additional levels of consent for the use of such information for behavioral advertising — including affirmative opt-in consent for the use of sensitive personally identifiable information.


The third principle we look to in protecting consumers’ privacy is that strong, simple, and effective security is needed to strengthen consumers’ trust in our products, the Internet, and all information technologies. Security has been fundamental at Microsoft for many years as part of our Trustworthy Computing initiative. And it plays a key role with respect to our online advertising practices.

We have taken a broad approach to protecting the security of computer users with respect to serving ads online. This approach includes implementing technological and procedural protections to help guard the information we maintain. We also have taken steps to educate consumers about ways to protect themselves while online, and we have worked closely with industry members and law enforcement around the world to identify security threats, share best practices, and improve our coordinated response to security issues.

In addition, we have designed our systems and processes in ways that minimize their privacy impact from the outset while simultaneously promoting security. For example, we use a technical method (known as a one-way cryptographic hash) to separate search terms from account holders’ personal information, such as name, email address, and phone number, and to keep them separated in a way that prevents them from being easily recombined. We have also relied on this method to ensure that we use only data that does not personally identify individual consumers to serve ads online. As a result of this “de-identification” process, search query data and data about Web surfing behavior used for ad targeting is associated with an anonymized identifier rather than an account identifier that could be used to personally and directly identify a consumer.

Finally, we have implemented strict retention policies with respect to search query data. Our policy is to anonymize all such data after 18 months, which we believe is an appropriate timeframe in our circumstances to enable us to maintain and improve the security, integrity and quality of our services. We intend to continue to look for ways to reduce this timeframe while addressing security, integrity and quality concerns. In addition, unlike other companies, our anonymization method involves irreversibly removing the entire IP address and other cross-session identifiers, such as cookies and other machine identifiers, from search terms. Some companies remove only the last few digits of a consumer’s IP address, which means that an individual search query may still be narrowed down to a small number of computers on a network. We think that such partial methods do not fully protect consumer privacy, so we have chosen an approach that renders search terms truly and irreversibly anonymous.

Microsoft’s Support for Self-Regulation and Privacy Legislation

Microsoft believes that these core principles of transparency, control, and security are critical to protecting consumers’ privacy interests online. These principles form the basis for our support of robust self-regulation in the online advertising market and for baseline privacy legislation.

We have been an active participant in self-regulatory efforts. Microsoft has been engaging with the Network Advertising Initiative (“NAI”), a cooperative of online marketing and advertising companies that addresses important privacy and consumer protection issues in emerging media. The NAI is currently in the process of revising its guidelines to address changes in the online advertising industry. The NAI’s efforts have been critical to understanding the privacy issues associated with online advertising, and we will continue to work with them as they finalize their draft proposal.

We also filed comments responding to the Federal Trade Commission’s request for input on a proposed self-regulatory framework for online advertising. In our comments, we explained the need for a broad self-regulatory approach since all online advertising activities have potential privacy implications and some may be contrary to consumers’ expectations. To this end, we proposed a tiered approach to self regulation that is appropriately tailored to account for the types of information being collected and how that information will be used. It would set a baseline set of privacy protections applicable to all online advertising activity and would establish additional obligations for those companies that engage in practices that raise additional privacy concerns. We are attaching a copy of our comments to the FTC for your convenience.

In addition to supporting self-regulatory efforts, we have long advocated for legislation as a component of effective privacy protections. We were one of the first companies to actively call for comprehensive federal privacy legislation. More recently, we have supported balanced and well-crafted state legislation on privacy in online advertising that would follow the general structure proposed in our FTC comments. And we would be glad to work with the Committee on similar national privacy standards that would protect both privacy and opportunities for innovation in the online advertising industry.

Our support of self regulation in the online advertising market and prudent privacy legislation is only a part of our comprehensive approach to protecting consumer privacy. We will continue to support consumer education efforts to inform users of how to best protect themselves and their information online. And we will persist in our efforts to develop technology tools that promote the principles of transparency, control, and security. In short, we are prepared to work collaboratively on all fronts to maintain the growth of online advertising while fostering consumer trust online.


Microsoft recognizes that the protection of consumer privacy is a continuous journey, not a single destination. We can and will continue to develop and implement new privacy practices and protections to bring the benefits of transparency, choice, and security to consumers. Thank you for giving us the opportunity to testify today. We look forward to working with you to ensure consumers’ privacy interests are protected as they continue to enjoy the proliferation of free services and information that online advertising supports.


  1. U.S. Census Bureau, Quarterly Retail E-Commerce Sales: 4th Quarter 2007, Feb. 15, 2008, available at



  2. Some of these standards are set forth in Microsoft’s Privacy Principles for Live Search and Online Ad Targeting, attached as Appendix 1. This document is also available at . Additionally, Microsoft’s Privacy Guidelines for Developing Software Products and Services, which are based on our internal privacy standards, are available at



  3. It has become a standard approach to the online economy that there is a value exchange in which companies provide online content and services to consumers without charging a fee and, in return, consumers see advertisements that may be targeted.

  4. See Interactive Advertising Bureau, IAB Internet Advertising Revenue Report, 7, May 2008, available at http://www.iab.net/media/file/IAB_PwC_2007_full_year.pdf; Yankee Group, Yankee Group Forecasts US Online Advertising Market to Reach $50 Billion By 2011, Jan. 18, 2008, available at



  5. See Brian Morrissey, IAB: Web Ad Spend Tops Cable, Radio, ADWEEK, May 15, 2008, available at



  6. It is for this reason advertisers are willing to pay more for targeted ads. For example, although Merrill Lynch has reported that the average cost per 1000 impressions (“CPM”) is $2.50, entities engaged in behavioral targeting have reported average CPMs as high as $10. See Brian Morrissey, Aim High: Ad Targeting Moves to the Next Level, ADWEEK, Jan. 21, 2008, available at . Data also shows that 57% of 867 search engine advertisers and search engine marketing agencies polled “were willing to spend more on demographic targeting, such as age and gender.” Search Engine Marketing Professional Organization, Online Advertisers Are Bullish on Behavioral Targeting, May 15, 2008, available at



  7. Search ads are selected based on the search term entered by a user and sometimes on data that has been collected about the user, such as the user’s history of prior searches. Search ads generally appear either at the top of the search results or along the right-hand side of the page. They often are displayed as text, but they may include graphics as well. Advertisers bid against each other for the right to have their ads appear when a specific search term is entered (known as a “keyword”).

  8. These non-search ads are what users see when they visit virtually any site on the Internet other than a search engine site. They can be based on the content of the page the user is viewing (typically referred to as “contextual” ads) or on a profile of a user’s activities that has been collected over time (referred to as “behavioral” ads). But in either case, the company serving the ad would log the pages users view – typically in association with a cookie ID from the user’s computer and/or an IP address.

  9. Three examples of this are Microsoft’s acquisition of aQuantive, Yahoo!’s acquisition of RightMedia and Google’s acquisition of DoubleClick. For more information about the key players in the advertising market and the impact of consolidation in the market, see the testimony of Microsoft General Counsel Brad Smith before the Senate Judiciary Committee, available at



  10. See section III.C below.

  11. Based on comScore’s Core Search Report, in May of this year, 62% of searches were performed in the U.S. on Google, amounting to roughly 6.7 billion searches. comScore, comScore Releases May 2008 U.S. Search Engine Rankings, June 19, 2008, available at . Google also has strategic agreements with AOL and Ask that allow Google to serve ads to those companies’ search engine sites. Adding AOL’s (4.5%) and Ask.com’s (4.5%) share of the search queries, Google’s share rises to 71%. See id.

  12. Following its acquisition of DoubleClick, Google now serves in the range of 70% of all non-search advertisements. See, e.g., Lots of Reach in Ad . . ., April 1, 2008, available at



  13. Microsoft’s Live Search has approximately 8.5% of Core Search queries in the United States. comScore, comScore Releases May 2008 U.S. Search Engine Rankings, June 19, 2008, available at



  14. Concerns have been raised about this dominance as well as the privacy protections surrounding the enormous amount of information about users’ online behavior that this dominance enables. See, e.g., Electronic Privacy Information Center, Supplemental Materials in Support of Pending Complaint and Request for Injunction, Request for Investigation and for Other Relief, June 6, 2007, available at (“The combination of Google (the world’s largest Internet search engine) with DoubleClick (the world’s largest Internet advertising technology firm) would allow the combined company to become the gatekeeper for Internet content. . . . The detailed profiling of Internet users raises profound issues that concern the right of privacy. . . .”); see also, Jaikumar Vijayan, Google Asked to Add Home Page Link to Privacy Policies, COMPUTERWORLD, June 3, 2008, available at ; Privacy International, A Race to the Bottom: Privacy Ranking of Internet Service Companies, Sept. 6, 2007, available at (We “witnessed an attitude to privacy within Google that at its most blatant is hostile, and at its most benign is ambivalent.”).

  15. See


  16. With Google’s 71% search query share in the U.S. based on its relationship with AOL and Ask.com (see supra fn. 11), in combination with Yahoo’s 20.6% share of the core search query market, Google will be able to gather information on up to 92% of online searches. See comScore, comScore Releases May 2008 U.S. Search Engine Rankings, June 19, 2008, available at



  17. See Jeff Chester, A Yahoo! & Google Deal Is Anti-Competitive, Raises Privacy Concerns, May 22, 2008, available at



  18. See Appendix 1. Microsoft’s Privacy Principles for Live Search and Online Ad Targeting are also available at



  19. See section III.C below.

  20. Microsoft’s personalized advertising opt-out page is available at



  21. See, for example, Microsoft’s comments to the Federal Trade Commission’s proposed self-regulatory framework for online advertising, included as Appendix 4 and available at


  22. A white paper describing Microsoft’s “de-identification” process is attached to these comments as Appendix 3. It is also available at



  23. Atlas, which was part of Microsoft’s recent acquisition of aQuantive, was a founding member of NAI.

  24. See Appendix 4. Our comments are also available at



  25. See



  26. A. 9275-C, 2007-2008 Reg. Sess. (N.Y. 2008), available at (imposing minimum notice and choice obligations on certain website publishers and advertising networks); S. 6441-B, 2007-2008 Reg. Sess. (N.Y. 2008), available at (imposing baseline notice, choice, security, and consumer access obligations on certain third-party advertising networks); H.B. 5765, 2008 Gen. Assem., Feb. Sess. (Conn. 2008), available at (imposing minimum notice, choice, security, and use limitations on third-party advertising networks).