Microsoft updated their Microsoft Privacy Statement (Legacy) on June 26, 2026. Change detected: 211 sentence(s) added, 879 sentence(s) removed, 796 sentence(s) modified. Document contained 1628 sentences after update.
Impact assessment pending documentation review.
Institutional analysis pending. This change has been verified and documented.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
This new provision explicitly categorizes and explains the sources and methods of data collection, providing greater transparency about how Microsoft gathers personal information.
This new provision addresses voice/audio data collection specifically, clarifying user control mechanisms and deletion rights for voice data, reflecting growing consumer concerns about audio privacy.
This new provision acknowledges state-level privacy laws and explicitly enumerates consumer rights under comprehensive U.S. state privacy regulations, demonstrating Microsoft's compliance with emerging fragmented privacy landscape.
This provision moves from the previous version's medium severity 'Data Retention After Account Deletion' to a comprehensive data retention policy with explicit flexibility acknowledgment, reducing transparency.
This new provision clarifies the rights of organizations/employers to access and control employee/user data, which is critical for enterprise users to understand workplace privacy implications.
This new provision establishes Microsoft's process for notifying users of privacy statement changes, providing transparency about how policy updates will be communicated.
The previous high-severity provision on AI data use was replaced with a more detailed but lower-severity provision, potentially reducing emphasis on AI-related privacy risks.
The previous targeted advertising provision was consolidated and reframed into the 'Advertising and Behavioral Targeting' provision with added reassurances about permission requirements.
This high-severity provision was removed entirely, potentially obscuring Microsoft's policies on sensitive health and biometric data collection and use.
The previous high-severity provision on cross-product data sharing was replaced with a lower-severity version, potentially reducing consumer awareness of data sharing scope across Microsoft's ecosystem.
This Windows-specific telemetry provision was removed, eliminating explicit disclosure about operating system-level data collection practices.
The previous explicit provision on data subject rights was replaced with state-specific U.S. rights language, reducing clarity about GDPR and other international privacy rights.
Severity downgraded from high to medium, and provision now includes detailed explanation of how AI inputs/outputs are used for model improvement and internet connectivity disclosure.
Provision now includes explicit statement that personal data is not shared with advertisers without permission, clarifying Microsoft's position on behavioral targeting practices.
Severity downgraded from high to medium, and provision now includes specific mention of Microsoft Family Safety features and regional age variation acknowledgment.
Provision expanded with explicit enumeration of sharing scenarios (affiliates, vendors, legal requirements, merger/acquisition) but excerpt appears truncated in current version.
Cross-platform context
See how other platforms handle similar provisions across the ConductAtlas archive.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff β MonitorMicrosoft updated three passages in its Responsible AI Principles on April 19, 2026. The first change revised the opening tagline β¦
Microsoft updated three phrases in its Responsible AI document. The opening tagline changed from 'Build your business with trustworthy AI' β¦
Microsoft modified its data retention policy language on April 19, 2026. Previously, the policy described specific retention criteria including whether β¦
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liaβ¦
Get alerted when this policy changes again β including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.