Definitely this document contains some good stuff. E.g. clear statement that internet searches are personal information. However, there are also some interesting things, which suggest Bruce is being a bit overenthusiastic.
"When a customer types a URL [...] has implicitly consented to sending that information [...] over the Internet."
Clearly an immoral justification of the Microsoft habit of capturing domain typos to their search engine. If I try to type an intranet site name (secretstuff.bigco.com), I do not expect a typo (secretstiff.bigco.com) to be sent to Microsoft.
Not unless they read those and then afterwards proceed to do something which is beyond the protections of fair use or local legal equivalent. In fact this is a very extreme legal land grab.
"The goal is to provide the appropriate level of notice so that the user remains engaged and is able to make informed decisions. "
The section on children's data requires giving full access to parents, but does not require warning children of this. That could be dangerous if children (misguidedly) attempt to use an MS services for help, e.g. when being abused by a parent.
"Disaster Recovery..... RAID Level 5...."
ha ha ha ha ha. Do they actually read what they are writing?
Another problem is that everything is justifiable for "business needs"; that's a pretty open term and could be used to justify anything which might just possibly make money. "Approved business needs" might be beter?