Internet and mobile companies

Microsoft Corp.


Key findings

  • One of the top performers in the Index, Microsoft disclosed strong implementation of its commitment to human rights and to users’ freedom of expression and privacy.
  • New transparency reporting improved Microsoft’s disclosure of policies affecting freedom of expression, including how the company handles government and private requests to restrict content or accounts
  • Microsoft disclosed more than all of its peers about its process for handling government and private requests for user information, but could do more to explain what user information it collects, shares, and retains.
Services evaluated



Microsoft was the second-ranked internet and mobile company and received the second-highest score in the Index overall, just after top-ranked Google. A founding member of the Global Network Initiative (GNI), Microsoft disclosed a strong commitment to freedom of expression and privacy. It made a number of improvements since the 2015 Index: Microsoft’s new Transparency Hub, launched in late 2015, resulted in increased scores across a number of freedom of expression indicators. In January 2017 Microsoft issued a human rights report with detailed information about the actions the company took in 2016 to implement its human rights commitments, which boosted its performance in the Governance category.

Despite its strong performance, there are areas for improvement. Microsoft could be more transparent about its process for enforcing its terms of service policies and do more to clarify how it handles user information.

Microsoft Corp. develops, licenses, and supports software products, services, and devices worldwide. The company offers a wide range of software and hardware for both consumer and business markets. Major offerings include Windows operating system, Microsoft Office, Windows Phone software and devices, Xbox video game system and related services, Surface devices and accessories, advertising services, server products, Skype, and Office 365 cloud services.

Internet Software and Services
USD 494,562 million



Microsoft tied with Yahoo for highest score out of all 22 companies evaluated in the Index in the Governance category. The company disclosed an explicit commitment to respect freedom of expression and privacy as human rights (G1), evidence of oversight of human rights issues by senior leadership (G2), and employee training and whistleblower programs that addresses these issues (G3). Microsoft’s new human rights report included details about the company’s human rights impact assessments, with an example of efforts to address freedom of expression risks associated with how it enforces its terms of service (G4). The company could further improve by clearly disclosing that it assesses the freedom of expression and privacy risks associated with its terms of service in a more systematic way, and further clarifying whether it conducts additional evaluation when risk assessments identify concerns.

Freedom of expression


Microsoft placed third out of the 12 internet and mobile companies evaluated in the Freedom of Expression category, after Google and Kakao.

Content and account restrictions: Microsoft performed well on this set of indicators compared to other internet and mobile companies, though it offered less disclosure than Twitter and Kakao (F3, F4, F8). It took a step forward by starting to publish data about its terms of service enforcement (F4), specifically related to content it removes for violating its policy on “non-consensual pornography” content on its search engine. It is one of only three companies to receive any credit on the indicator but could further improve by disclosing data on other types of content it removes for terms of service violations.

Content and account restriction requests: Microsoft placed in the top half of internet and mobile companies on this set of indicators, though it trailed Google, Yahoo, Kakao, and Facebook (F5-F7). Microsoft’s Transparency Hub disclosed the company’s process for responding to government and private requests to remove content (F5), and some data about requests from government and private parties it receives and complies with (F6, F7). However, the data provided covered only its search engine, Bing.



Microsoft placed second out of the 12 internet and mobile companies evaluated in the Privacy category, after Google.

Handling of user information: Microsoft disclosed less than Twitter, Google, and Yahoo about how it handles user information, although all companies scored poorly on these indicators (P3-P9). The company did not fully disclose the types of user information it collects, shares, or for what purpose (P3, P4, P5). Like most companies, it provided even less information about how long it retains this information (P6). Microsoft tied with Twitter and scored better than all other companies on its disclosure of options users have to control the information it collects, retains, and uses (P7). It also disclosed more than most companies about what options users have to obtain information the company holds about them (P8) and what information is collected about them from third parties (P9).

Requests for user information: Microsoft disclosed more than all of its peers about its process for handling government and private requests for user information (P10), but lagged behind Twitter, Facebook, and Google for disclosure of data on the requests it receives from these third parties (P11). The company earned the second-highest score after Yahoo for disclosing whether it has a policy to notify users about requests for their information (P12).

Security: Microsoft disclosed less than Google and Yandex about its security policies but more than any other internet and mobile company (P13-P18). The company disclosed an internal oversight process to ensure the security of user data (P13), and a bug bounty program to address security vulnerabilities (P14). It scored lower than Facebook, Yahoo, Apple, Yandex, and Google on disclosure of its encryption policies (P16), but along with Yandex was one of two companies to receive full credit for disclosing what measures users can take to secure their own accounts (P17).