Children under 13 are not allowed to use Microsoft services including Copilot without parental consent, and Microsoft may terminate accounts it discovers belong to users under 13. Parents of teens aged 13-17 should be aware that parental consent requirements vary by country.
Children under 13 using Copilot or other Microsoft services without a properly configured family account may have their personal data collected under adult consent terms, and parents may not be aware that their child's AI interactions are subject to Microsoft's broad content license.
How other platforms handle this
As Eventbrite is a global company, we may need to transfer your Personal Data outside of the country from which it was originally provided. This may be intra-group or to third parties that we work with who may be located in jurisdictions outside the EEA, Switzerland and the UK which have no data pro...
Personal data collected by Microsoft may be stored and processed in the United States or any other country where Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft complies with applicable legal frameworks relating to the transfer of data across borders, i...
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. If you are located outside France and choo...
With Copilot now embedded across Windows and Microsoft 365 products widely used in schools and by families, the risk of minors inadvertently being subject to AI data collection practices covered by the adult terms is significant.
REGULATORY FRAMEWORK: This provision directly implicates COPPA 15 U.S.C. §6501 et seq. and 16 CFR Part 312 which require verifiable parental consent before collecting personal information from children under 13; GDPR Art. 8 which sets the digital consent age at 16 (with member states permitted to lower to 13) and requires parental consent for children below that age; UK Age Appropriate Design Code (Children's Code) ICO guidance; and California AADC (Age-Appropriate Design Code Act) AB 2273. The FTC enforces COPPA; EU DPAs and the ICO enforce GDPR Art. 8 and the Children's Code respectively.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.