What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'privacy@github.com', 'difficulty': 'MODERATE', 'action_type': 'DELETE_DATA', 'instructions': "Email GitHub's privacy team at privacy@github.com to request deletion of your personal data or to object to processing shared with Microsoft affiliates. Specify that you are exercising your right to erasure or right to object under GDPR or applicable law.", 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'FTC has jurisdiction over unfair or deceptive data sharing practices between affiliated companies under FTC Act Section 5.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Microsoft and Affiliate Data Sharing clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Microsoft and Affiliate Data Sharing — GitHub

Share 𝕏 Share in Share 🔒 PDF

What it is

Because GitHub is owned by Microsoft, your personal data including your developer profile, activity, and content may be shared across the entire Microsoft group of companies for product and business purposes.

Clause Stability Highly Volatile

Change

Month Monitored

Apr 27, 2026

First Seen

Apr 27, 2026

Last Seen

This clause has changed once in 1 month of monitoring.

Change history

modified Apr 28, 2026

Previous version had no excerpt; current version now explicitly states GitHub is a Microsoft subsidiary and clarifies data sharing is governed by Microsoft agreements.

View full change record →

Consumer impact (what this means for users)

Your GitHub data — including repository activity, email, IP address, and usage patterns — can be shared with Microsoft and all its subsidiaries, potentially connecting your developer identity to other Microsoft services you use.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

Email GitHub's privacy team at privacy@github.com to request deletion of your personal data or to object to processing shared with Microsoft affiliates. Specify that you are exercising your right to erasure or right to object under GDPR or applicable law.

Cross-platform context

See how other platforms handle Microsoft and Affiliate Data Sharing and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Data shared with Microsoft and its subsidiaries dramatically expands the ecosystem of entities that can access your GitHub information, potentially linking your developer activity to other Microsoft products like Azure, LinkedIn, or Office 365.

View original clause language

GitHub is a wholly-owned subsidiary of Microsoft Corporation. We may share your personal data with our parent company, Microsoft, and other subsidiaries within the Microsoft family of companies for purposes including operating, providing, and improving our products and services. This sharing is governed by our agreements with Microsoft and is subject to the same privacy protections described in this statement.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision implicates GDPR Art. 6(1)(f) (legitimate interests for intra-group transfers), GDPR Art. 46 (SCCs or BCRs required for transfers outside EEA), CCPA/CPRA §1798.140(ah) definition of 'sharing' for cross-context behavioral advertising purposes, and UK GDPR Chapter V for UK-to-US transfers. The Irish DPC is the lead supervisory authority for GitHub/Microsoft EU operations.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

FTC has jurisdiction over unfair or deceptive data sharing practices between affiliated companies under FTC Act Section 5.
File a complaint →

Provision details

Document information

Document

GitHub Privacy Statement

Entity

GitHub

Document last updated

April 29, 2026

Tracking information

First tracked

April 27, 2026

Last verified

April 27, 2026

Record ID

CA-P-003596

Document ID

CA-D-00254

Evidence Provenance

Source URL

https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement

Wayback Machine

View archived versions →

SHA-256

6b5f0a9a524d3261cfe25f12abc65ee86bfcca11dcb979d0a2c6fa30d7aa36e8

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: GitHub | Document: GitHub Privacy Statement | Record: CA-P-003596
Captured: 2026-04-27 14:59:43 UTC | SHA-256: 6b5f0a9a524d3261…
URL: https://conductatlas.com/platform/github/github-privacy-statement/microsoft-and-affiliate-data-sharing/
Accessed: May 2, 2026

Classification

Severity

Medium

Microsoft and Affiliate Data Sharing