Microsoft updated its Privacy Statement on June 26, 2026, restructuring and revising 879 sentences while adding 211 new ones across 1,628 total sentences. The company reorganized the document's table of contents, renaming sections such as 'Reasons we share personal data' to 'Reasons we disclose personal data' and 'Where we store and process personal data' to 'Storage and processing of personal data.' The statement now emphasizes that 'Your privacy is important to Microsoft' rather than 'us,' and uses first-person plural language throughout ('we process' instead of 'Microsoft processes'). Microsoft states the refresh makes the policy 'easier to read, navigate, and understand, with clearer explanations of how we use data and the choices available to you.'
Microsoft restructured its privacy statement on June 26, 2026, with extensive revisions to wording and organization. The core document now uses clearer first-person language ('we process' instead of 'Microsoft processes') and reorganizes sections for improved navigation. Microsoft states the refresh was designed to make the policy 'easier to read, navigate, and understand, with clearer explanations of how we use data and the choices available to you.' The substantive scope of what personal data Microsoft collects and how it processes that data does not appear materially altered by these revisions based on the change summary provided.
The updated Privacy Statement reorganizes Microsoft's disclosure of data practices for clarity and navigation. While the structural revision is extensive, the change summary does not indicate material expansion of Microsoft's asserted authority over personal data collection, processing, or sharing. Users reviewing the updated statement should encounter clearer explanations of existing practices rather than new or expanded data processing claims.
Sections reorganized and renamed for improved navigation; no substantive change to data processing scope detected.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Microsoft updated its Privacy Statement on June 26, 2026, through extensive structural and linguistic revision. The change involves reorganization of section names (for example, 'Reasons we share personal data' became 'Reasons we disclose personal data') and rephrasing for clarity rather than substantive expansion or contraction of Microsoft's asserted data processing authority. No new data collection categories, processing purposes, or retention periods are evident from the change summary. Organizations that reference Microsoft's privacy statement in vendor assessments or data processing agreements should review the reorganized structure and updated language for any substantive changes to data handling practices, but the change appears primarily organizational and clarificatory in nature.
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-003294.
New foundational provision establishing the scope and sources of data collection including direct provision, behavioral tracking, contextual collection, and third-party sources.
New clarification distinguishing Microsoft's role as processor versus controller in enterprise contexts, establishing that client organizations retain data control authority.
New provision addressing state-level privacy rights under emerging U.S. state privacy laws including access, correction, deletion, portability, and opt-out rights for sales and targeted advertising.
New provision detailing use of data for personalization, recommendations, and interest-based advertising with acknowledgment of promotional communications.
New provision establishing notification procedures for material privacy statement changes, including prominent notice posting and direct notification requirements.
High-severity provision on behavioral profiling removed, likely consolidated into the new 'Advertising and Interest-Based Targeting' provision with lower medium severity.
High-severity provision on third-party data sharing removed entirely, with only implicit reference remaining in the new 'Personal Data Collection Scope' provision about obtaining data from third parties.
General consumer rights provision removed and replaced with jurisdiction-specific 'U.S. State Data Privacy Rights' provision reflecting regulatory evolution toward state-level privacy laws.
High-severity provision on biometric and voice data collection removed without explicit replacement, potentially subsumed under broader 'Personal Data Collection Scope' provision.
High-severity provision on location data collection removed without explicit replacement, representing potential downgrade in transparency regarding sensitive location tracking practices.
Provision changed from empty excerpt to detailed specification of AI data collection including prompts, content, responses, and usage patterns with explicit purposes.
Severity downgraded from high to medium and provision now includes specific contact procedure and deletion commitment with explicit age threshold of 13.
Provision changed from empty excerpt to detailed explanation of cookie functionality including preference storage, sign-in, interest-based advertising, fraud prevention, and performance analysis.
Provision changed from empty excerpt to comprehensive disclosure of global data transfers with explicit mention of U.S. transfers and acknowledgment of different data protection standards.
Severity downgraded from medium to low and provision expanded from empty excerpt to specify retention purposes including legal compliance, dispute resolution, and agreement enforcement with acknowledgment of variation by product.
Cross-platform context
See how other platforms handle similar provisions across the ConductAtlas archive.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorMicrosoft Azure updated its privacy policy on April 19, 2026, making several changes to how it handles your data and …
Microsoft revised how it explains data retention. Previously, the policy listed specific criteria for deciding how long to keep data, …
Microsoft Azure's privacy policy now discloses that if you consent to receive marketing communications via phone, the company may contact …
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and lia…
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.