What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: This statement explicitly engages GDPR (EU/EEA and UK), a range of U.S. state privacy laws including CCPA (California), and COPPA for users under 13. The statement references Standard Contractual Clauses as a cross-border data transfer mechanism for EU data. Enforcement authorities include the FTC at the federal level in the U.S., state attorneys general under applicable state privacy statutes, EU data protection authorities, and the UK ICO. The statement's reliance on…

How does Microsoft Azure's Microsoft Privacy affect users?

The document establishes that Microsoft collects and processes personal data across device identifiers, location, browsing and search history, voice data, and communications content for purposes including advertising, personalization, and AI model improvement. For Copilot and AI-powered features, the document permits use of prompts and generated content to improve AI models subject to applicable settings and controls. The document authorizes users to access, review, adjust privacy settings, opt…

How often is Microsoft Azure's Microsoft Privacy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Microsoft Azure updates this document?

Yes. Monitor subscribers ($19/month) can add Microsoft Azure to their watchlist and receive same-day email alerts whenever this document or any other Microsoft Azure document changes.

CA-D-000018

Microsoft Privacy

Microsoft Azure

Last change detected April 19, 2026 Privacy policy

SHA-256: df6d59073298e33eb92… 5 versions captured 4 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Microsoft Azure ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

10 Total

1 High severity

7 Medium severity

2 Low severity

Summary

This document establishes Microsoft's privacy practices across its consumer and enterprise products, including Windows, Microsoft 365, Bing, Xbox, Cortana, Teams, and Copilot. The policy authorizes Microsoft to collect personal data including names, location, device identifiers, browsing and search history, voice recordings, and file and communication content, and to use this data for product operation, advertising, product improvement, and AI model development. The policy specifies that users may review, adjust, and delete personal data through the Microsoft privacy dashboard at account.microsoft.com/privacy.

Technical / Legal Breakdown

This document is Microsoft's global Privacy Statement, last updated March 2026, governing the collection, use, and sharing of personal data across Microsoft's consumer and enterprise products and services, with its legal basis rooted in consent, contractual necessity, legitimate interests, and legal obligation depending on jurisdiction. The statement asserts that Microsoft collects a broad range of personal data including name, contact information, device and usage data, location, biometric data (voiceprints and facial recognition in applicable products), browsing history, search queries, and content of communications, and the terms authorize use of this data for product improvement, personalization, advertising, and security purposes. Notably, the statement includes specific provisions for AI and Copilot capabilities, enterprise online services, children's data, and U.S. state-level privacy rights, and it distinguishes between Microsoft acting as a data controller for consumer products and as a data processor when enterprise customers deploy its services, a distinction that materially affects which rights consumers can exercise directly against Microsoft. The statement engages GDPR for EU/EEA users, CCPA and a range of U.S. state privacy laws for U.S. residents, COPPA for children under 13, and relevant frameworks in other jurisdictions; the statement acknowledges that data may be transferred internationally and that Microsoft relies on Standard Contractual Clauses and other transfer mechanisms. Material compliance considerations include the breadth of data collected for AI and Copilot features, the layered controller-processor structure in enterprise contexts, and Microsoft's stated reliance on legitimate interests as a processing basis in some contexts, which may require evaluation under GDPR's balancing test.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

4 important changes detected

5 versions captured · Last updated: April 2026

April 19, 2026

medium

What changed Microsoft Azure updated its privacy policy on April 19, 2026, making several changes to how it handles your data and communicates with you. The company added language stating it may contact you by phone using automated dialers and AI-generated voices if you consent to marketing communications. It also simplified and reorganized its data retention section, clarifying that it keeps your data while you use its services and for business, legal, and security purposes, but removed some specific examples and details about how long it retains different types of information.

Why this matters Microsoft now discloses that it may contact you by phone for marketing using automated dialers and AI-generated voices if you have consented to marketing communications, which represents a new disclosure of contact method and technology type. The company has also reorganized its data retention policy to state it retains data for broader business purposes including improving products and protecting systems, while removing previous specific examples and retention criteria, making it less clear exactly how long specific types of your data will be kept. You should review your consent settings for marketing communications and verify what contact methods you have authorized, particularly if you have concerns about automated or AI-generated calls.

View full change record →

April 1, 2026

medium

What changed Microsoft revised how it explains data retention. Previously, the policy listed specific criteria for deciding how long to keep data, including examples like documents in OneDrive. Now the policy provides a higher-level framework mentioning purposes for retention, data sensitivity, and legal obligations, but directs users to product documentation for specifics. The practical effect is less transparency about retention timelines in the main privacy policy itself.

Why this matters Microsoft's privacy policy now provides a less detailed explanation of how long your data is retained. Previously, the policy included specific examples, such as how long deleted emails remain in your system before final deletion, and listed criteria for deciding retention periods. Now those details are consolidated into a more general statement pointing readers to separate product documentation. This means you'll need to consult multiple documents to understand retention timelines for specific services, which reduces transparency at the point of reading the main privacy policy.

View full change record →

March 13, 2026 low

Microsoft Azure's privacy policy now discloses that if you consent to receive marketing communications via phone, the company may contact you using automated dialing systems and artificial or prerecorded voices, …

View change record →

March 6, 2026 medium

Microsoft updated its data retention policy on March 6, 2026, to provide more specific guidance on how long it keeps your data and under what circumstances. The new language clarifies …

View change record →

High — 1 provision

AI and Copilot Data Use Compare →

When you use Microsoft's Copilot or other AI-powered features, Microsoft collects your prompts (the questions or instructions you type), the AI's responses, and data about how you interact with those features, and may use this data to improve its AI products.

Added May 10, 2026 Standard Seen across 284 platforms

Medium — 7 provisions

Personal Data Collection Scope Compare →

Microsoft collects personal data about you from multiple sources: directly from you, automatically through how you use its products, and from third-party sources. The type and volume of data depends on which Microsoft products you use and your privacy settings.

Added May 10, 2026 Standard Seen across 284 platforms
Controller-Processor Distinction in Enterprise Contexts Compare →

When your employer or school provides you with Microsoft products (like Microsoft 365 or Teams), your employer is in charge of your data, not Microsoft directly. This means your privacy rights in that context must be exercised through your employer, not Microsoft.

Added May 10, 2026 Standard Seen across 284 platforms
Children's Data Collection and Parental Consent Compare →

Microsoft states it does not intentionally collect personal data from children under 13. If a parent discovers their child has provided data to Microsoft without consent, they can request deletion by contacting Microsoft.

Added May 10, 2026 Standard Seen across 284 platforms
U.S. State Data Privacy Rights Compare →

Depending on which U.S. state you live in, you may have the right to access, correct, delete, or export your personal data that Microsoft holds, and to opt out of targeted advertising or automated decision-making using your data.

Added April 27, 2026 Standard Seen across 284 platforms
Advertising and Interest-Based Targeting Compare →

Microsoft uses your personal data to serve you targeted advertisements and marketing, including by personalizing ads based on your browsing behavior, interests, and usage of Microsoft products.

Added May 10, 2026 Standard Seen across 284 platforms
Cross-Border Data Transfers Compare →

When you use Microsoft products, your data may be stored and processed in the United States or other countries that may have different privacy laws than where you live, including potentially weaker protections.

Added April 27, 2026 Standard Seen across 284 platforms
Cookies and Tracking Technologies Compare →

Microsoft places cookies and similar tracking technologies on your device when you use its websites and services, which are used for purposes including advertising, fraud prevention, sign-in, and analyzing how you use its products.

Added May 10, 2026 Standard Seen across 284 platforms

Low — 2 provisions

Data Retention Compare →

Microsoft keeps your personal data for as long as it needs to provide its services, comply with legal requirements, or resolve disputes, but the actual length of time varies by data type and product and is not specified in specific timeframes.

Added May 10, 2026 Standard Seen across 284 platforms
Changes to the Privacy Statement Compare →

Microsoft can update this privacy policy at any time and will notify users of material changes either by posting a notice on its website or by sending a direct notification, but non-material changes may occur with only a date update.

Added May 10, 2026 Standard Seen across 284 platforms

Monitoring

Microsoft Azure has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle AI and Copilot Data Use and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured April 19, 2026 06:13 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000018

Version ID CA-V-000726

Source URL https://privacy.microsoft.com/en-us/privacystatement

Wayback Machine View external archival references →

SHA-256 df6d59073298e33eb92498505dee7c3099cd31586ddc77e63dd8c5451ad917cf

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Microsoft Privacy

April 19, 2026

April 1, 2026

Monitor governance changes across the platforms you rely on.