Microsoft · Microsoft Privacy Statement (Legacy)

Advertising and Behavioral Targeting

Medium severity
Share 𝕏 Share in Share

What it is

Microsoft uses your personal data — including browsing behavior and data from third-party sources — to show you targeted ads. While Microsoft says it doesn't 'sell' your data, it does share it with advertising partners.

Consumer impact (what this means for users)

Your browsing history, search queries, and cross-site behavior may be combined and used to target you with personalized advertisements across Microsoft's network and with third-party advertising partners.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Opt Out of Arbitration
    Visit account.microsoft.com/privacy/ad-settings, sign in to your Microsoft account, and toggle off 'Interest-based advertising' to opt out of personalized ads from Microsoft.

How other platforms handle this

Shopify Medium

When we transfer personal information from the European Economic Area, United Kingdom, or Switzerland to countries that have not received an adequacy decision, we rely on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, to protect your personal info...

Lyft Medium

Information to make the Lyft Platform safer, like background check information or identity verification information

Robinhood Medium

We disclose information about you if we believe that disclosure is in accordance with, or required by, any applicable law or legal process or to protect and defend the rights, interests, safety, and security of Robinhood, our users, or the public.

See all platforms with this clause type →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Microsoft combines your activity across its own products with data from third-party websites to build an advertising profile, which may feel intrusive and could expose sensitive behavioral patterns to advertising partners.

View original clause language
Microsoft does not sell your personal data. However, we share personal data with third-party companies who help us provide and improve our products and for advertising purposes. We use the data we collect to provide you with relevant advertising. Data collected on Microsoft sites and apps may be combined with data about your online activity from third-party sites and apps to show you interest-based advertising. You can opt out of interest-based advertising from Microsoft by visiting the Microsoft opt-out page.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision implicates GDPR Art. 6(1)(a) (consent for advertising) and Art. 6(1)(f) (legitimate interests), Recital 47 (direct marketing), and ePrivacy Directive requirements for cookie-based tracking. Under CCPA/CPRA §1798.120, sharing data for cross-context behavioral advertising constitutes 'sale or sharing' triggering opt-out rights even absent monetary consideration. FTC Act Section 5 applies to deceptive representations about data sharing for advertising. IAB TCF consent framework compliance is relevant for EU deployments.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC has enforcement authority over deceptive advertising data practices and has pursued major actions against companies that share personal data for behavioral advertising without adequate disclosure.
    File a complaint →
  • State AG
    California's CPPA and AG enforce CPRA opt-out rights for cross-context behavioral advertising; other state AGs enforce equivalent rights under VCDPA, CPA, TDPSA, and CTDPA.
    File a complaint →

Applicable regulations

BIPA
Illinois, USA
CCPA/CPRA
California, USA
COPPA
United States Federal
CAN-SPAM
United States Federal
DMA
European Union
FCRA
United States Federal
GDPR
European Union
GLBA
United States Federal
HIPAA
United States Federal
UK GDPR
United Kingdom

Provision details

Document information
Document
Microsoft Privacy Statement (Legacy)
Entity
Microsoft
Document last updated
March 5, 2026
Tracking information
First tracked
April 9, 2026
Last verified
April 9, 2026
Record ID
CA-P-002497
Document ID
CA-D-00001
Evidence Provenance
Source URL
https://www.microsoft.com/en-us/privacy/privacystatement
Wayback Machine
View archived versions →
SHA-256
7a7aaaae65bc958b5f0f4bd77710852e41e6cfb0400ed13c15acbc6d552e2a1d
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Microsoft | Document: Microsoft Privacy Statement (Legacy) | Record: CA-P-002497
Captured: 2026-04-09 15:01:32 UTC | SHA-256: 7a7aaaae65bc958b…
URL: https://conductatlas.com/platform/microsoft/microsoft-privacy-statement-legacy/advertising-and-behavioral-targeting/
Accessed: April 29, 2026
Classification
Severity
Medium
Categories
Data sharing

Other provisions in this document

Related Analysis