The thing with privacy stance is that it is primarily based on trust. If Microsoft now goes into privacy centric company, nothing makes me trust them as much as I trust them going back into selling ads after 5 years.

It is a sensitive branding issue.

That’s why I think whatever trust solution we come up with will have a heavy audit component to it. I know everyone here hates SOX compliance, but the entire goal of SOX was to increase investors’ trust in financial reporting in the wake of the Enron accounting scandal. And it worked.

SaaS companies already make ridiculous margins. Applying a sensible regulatory framework around privacy and data usage auditing would add overhead to be sure, but I’m also sure software margins will cover it.