ASA Ruling on Microsoft Corporation
One Microsoft Way
26 March 2014
Computers and telecommunications
Number of complaints:
A radio ad, for Microsoft Outlook, began with a character who stated, "Ymay ivatepray e-mailway isway onway ofway eirthay usinessbay." The voice-over then stated "Pig Latin may be hard to understand, but you probably need it if you use Gmail, because Gmail scans every word of your e-mails to sell ads. But Outlook.com doesn't. And you can choose to opt out of personalised ads. To stop Gmail from using your e-mails, use Outlook.com. Learn more at KeepYourEmailPrivate.com and keep your e-mails ivatepray".
Two complainants challenged whether the ad misleadingly implied that Outlook offered greater privacy than Gmail, because they understood that Outlook also scanned the contents of all e-mails, for purposes other than targeting ads.
Microsoft Corporation stated their belief that Outlook.com offered greater privacy than Gmail because the latter scanned e-mails for the purpose of targeting ads, whereas Outlook.com only undertook 'protective' scanning for viruses and spam. They considered that the scanning of e-mails for ad targeting in the Gmail system was a significant privacy issue, particularly as users could not opt-out, and referred to news articles which they believed reflected concerns of both consumers and regulators.
Microsoft stated that the ad focused on the scanning of e-mails for ad targeting, as this was a key distinguishing feature between Outlook.com and Gmail of which consumers might not be aware. They referred to a survey conducted on their behalf by a third party that stated that 64% of consumers are unaware that some e-mail providers scan e-mail content in order to target ads, and that 83% considered it an invasion of privacy.
Microsoft said that to not undertake protective scanning of e-mails would be irresponsible. They believed that it was expected, accepted and encouraged by both consumers and government regulators, and that it was an issue of great importance within the industry. They explained that this protective scanning was not mentioned in the ad because, unlike scanning to target advertising, scanning for viruses and spam was standard practice of which consumers were likely to be aware. Therefore, they considered that omission of this practice in the ad did not render it misleading. They also highlighted that protective scanning did not involve the collection and retention of consumer data, unlike scanning to target ads. They said that the superiority claim in the ad was limited to scanning for ad targeting, and that the ad made no claims (whether explicit or implied) that Outlook.com did not use any other form of e-mail scanning.
The RACC said that the ad didn't state that Outlook.com did not, under any circumstances, scan users' e-mails. Rather, the claim "Outlook.com doesn't" was in reference to the phrase "Gmail scans every word of your e-mails to sell ads" and was therefore correct. They stated that any targeted ads served through Outlook.com were delivered on the basis of user information, including details provided when the user registered their account, rather than scanned e-mail content, and the ability to opt-out of this targeting was referred to in the ad.
We acknowledged that Outlook.com scanned e-mails for viruses and spam messages, and that this was not referred to in the ad. However, we understood that this was standard practice for e-mail providers and considered that listeners were likely to expect this type of scanning to be carried out as a matter of course. We noted that the ad referred explicitly to Gmail scanning e-mail content for the purposes of targeting ads, and that this reference was immediately followed by the statement "Outlook.com doesn't". We considered that listeners were likely to appreciate that this statement was only in relation to scanning for ad targeting, rather than protective scanning, and that the ad did not state or imply that no other forms of scanning were utilised. We noted Microsoft's belief that the two types of scanning were different, as targeting required the collation and retention of data whereas protective scanning did not, and considered that the use of personal data was likely to be a privacy concern for some consumers. Because the ad made clear that the privacy claims were in relation to ad targeting, which Outlook.com does not carry out, we therefore concluded that the ad was not misleading.
We investigated the ad under BCAP Code rules 3.1 and 3.2 (Misleading Advertising) but did not find it in breach.