Microsoft uses personal data it collects about you to select and display targeted advertisements, both for its own products and for third-party advertisers. It may also permit advertisers to use data collected on Microsoft platforms for their own advertising purposes.
This analysis describes what Microsoft's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The statement authorizes use of collected personal data including browsing behavior and interests for targeted advertising across Microsoft platforms and potentially on third-party platforms, which is a material data use that consumers may wish to limit through available opt-out controls.
Interpretive note: The extent to which the described advertising data sharing constitutes a sale or sharing under CCPA or equivalent state law definitions depends on jurisdiction-specific regulatory interpretation.
The updated policy establishes additional grounds on which Microsoft may retain personal data. While the prior version tied retention to specific user expectations and available deletion controls, the revised language authorizes retention for 'operating our business, meeting our contractual and legal obligations, improving and developing our products and services, protecting the safety and security of our systems and customers, and resolving disputes.' This expands the stated purposes beyond transaction fulfillment and legal compliance. The updated policy directs users to product-specific documentation for retention details rather than providing explicit deletion procedures and timelines in the privacy statement itself.
View change record →The updated policy now grounds data retention in five broad business purposes: operating the business, meeting contractual and legal obligations, improving and developing products and services, protecting system and customer safety, and resolving disputes. Previously, the policy articulated specific criteria for determining retention periods, including customer expectations for retention until manual deletion, availability of automated deletion controls, and data sensitivity. The revised language removes these granular criteria and instead requires users to consult individual product documentation to understand when their specific data will be deleted. This shifts the burden of finding retention timelines from the main policy statement to separate product-specific documents.
View change record →The updated Privacy Statement removes previously stated language about additional rights available to European Economic Area users, narrowing the policy's explicit protections in that region. Simultaneously, the revised terms now explicitly authorize Microsoft to contact users via auto-dialer and prerecorded voice for marketing purposes, provided the user has consented to receive marketing communications to the phone number supplied. This establishes Microsoft's contractual permission to initiate automated marketing calls using artificial intelligence-generated voice technology where user consent to marketing contact has been given.
View change record →Personal data collected through Microsoft products and services may be used to target advertisements to users across Microsoft platforms and third-party sites. Users can opt out of interest-based advertising through the Microsoft Privacy Dashboard and through the opt-out mechanisms described in the statement.
How other platforms handle this
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
src="https://trc.taboola.com/1142432/trc/3/json" ... src="https://www.googletagmanager.com/gtag/js?id=DC-15299257" ... src="https://tr.snapchat.com/config/com/af90c7f8-bd28-4988-b1ce-1711aad792f4.js" ... src="https://tr.snapchat.com/config/com/8fbe1595-8c5a-46b1-bbb2-66f3d57debde.js" ... src="https:...
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Microsoft has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Microsoft does not share personal data with advertisers unless you have given us permission to do so. We serve both first-party ads (ads for Microsoft products and services) and third-party ads (ads for products and services of companies other than Microsoft). We use data we collect to help select and deliver ads you see in our products and on other companies' products. We may also allow advertisers to use data about you collected on our site in their own advertising.— Excerpt from Microsoft's Microsoft Privacy Statement (Legacy)
REGULATORY LANDSCAPE: This provision engages CCPA and U.S. state privacy laws that may classify sharing of personal data for cross-context behavioral advertising as a sale or sharing requiring opt-out mechanisms; GDPR consent requirements apply for EU and UK users receiving targeted advertising. The FTC Act's prohibition on unfair or deceptive practices is also relevant. Enforcement authorities include the FTC, state attorneys general, and EU/UK data protection authorities. GOVERNANCE EXPOSURE: Medium. The statement's description of advertising data use and potential sharing with advertisers requires assessment against applicable opt-out and consent requirements, particularly under CCPA and GDPR. The provision permitting advertisers to use data collected on Microsoft's site in their own advertising warrants review of data flow documentation. JURISDICTION FLAGS: California residents have CCPA rights to opt out of the sale or sharing of personal information for cross-context behavioral advertising. EU and UK users are entitled to consent-based processing for behavioral advertising under GDPR. Other U.S. states with comprehensive privacy laws may also confer opt-out rights. CONTRACT AND VENDOR IMPLICATIONS: Organizations concerned about employee or customer data being used for advertising purposes through Microsoft enterprise products should verify whether enterprise data processing agreements exclude advertising use of customer data. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that opt-out mechanisms for targeted advertising are technically functional and clearly disclosed; assess whether the statement's description of advertising data use satisfies CCPA and state law notice requirements; and evaluate GDPR consent validity for EU users receiving behavioral advertising.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The statement authorizes use of collected personal data including browsing behavior and interests for targeted advertising across Microsoft platforms and potentially on third-party platforms, which is a material data use that consumers may wish to limit through available opt-out controls.
Personal data collected through Microsoft products and services may be used to target advertisements to users across Microsoft platforms and third-party sites. Users can opt out of interest-based advertising through the Microsoft Privacy Dashboard and through the opt-out mechanisms described in the statement.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Microsoft.