In a privacy statement updated in advance of the Xbox One launch, Microsoft outlines how its new Kinect will use the data it collects, warning of a lack of privacy while chatting on Xbox Live and promising to keep details about your face and body private.
From the "skeleton" Kinect generates by scanning your body, to hand gestures, voice commands and exercise information from using Xbox Fitness, the statement expands upon the broader privacy concerns the company addressed in June, outlining some of the next-gen Kinect's touted features, like facial recognition and how the company plans to use that information.
Facial recognition on Xbox One can be used to sign players in automatically, which the privacy statement breaks down technically.
"The camera can be used to sign you into the Services on the console using facial recognition technology if you choose. To do this it measures distances between key points on your face to create a numeric value that represents only you. This value is stored as a very long set of numbers."
Microsoft says that information stays on the console and is not shared, adding, "No one could look at the numbers and know they represent you."
Similarly, Kinect's mapping of your body to produce a trackable skeleton produces a set of numeric values that are stored temporarily, then "destroyed" when you end a gameplay session. Microsoft says it may collect that body-tracking data, analyze it and use that information to "improve the gaming experience" but doesn't permanently store the data.
"The numeric values sent to Microsoft are destroyed after analysis is complete. The stick figure representation cannot be used to identify you."
Microsoft says hand gestures used to control the system and facial expressions — which can be used to "control or influence a game" — also cannot be used to identify players.
According to the privacy statement, when using Kinect's microphone array for online voice chat during gameplay, users "should not expect any level of privacy concerning your use of the live communication features such as voice chat, video and communications in live-hosted gameplay sessions offered through the Services." Microsoft says it may monitor that communication "to the extent permitted by law, but we cannot monitor the entire Service and make no attempt to do so."
The company notes that Xbox does not listen in on Skype calls.
If Xbox One owners use Kinect to control the system with voice commands, they can opt-in to share that data with Microsoft, the statement explains.
"With user consent, samples of voice commands occurring while using Kinect will be collected and periodically sent to Microsoft for product improvement. We also collect voice samples to provide the voice search service and, with user consent, for product improvement."
Microsoft used similar language in its Xbox Privacy Statement for the current-generation Kinect. It too sent skeleton and fitness data to Microsoft when playing Xbox 360 games online, and forwarded voice samples with players' consent.
For Xbox One, however, more fitness information may be collected. Players' exercise information culled from Xbox Fitness will be shared with Microsoft, the statement says, but players can choose whether they want to share it with other Xbox Live users. Microsoft says Kinect will estimate certain exercise information and players can provide "optional exercise attributes, such as your height, weight, age and gender" to improve the application's accuracy. Players can delete their Xbox Fitness data through the app and parents can control whether or not to share their children's exercise data.
Microsoft notes in its privacy statement that users can choose to unplug their Kinect or switch off its functions by saying "Kinect off." Users can also delete cached data stored by Kinect, but cautions that certain data, like voice samples already forwarded to Microsoft, cannot be deleted by users.