What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://account.microsoft.com/privacy', 'difficulty': 'MODERATE', 'action_type': 'DELETE_DATA', 'instructions': "Log in to your Microsoft account, navigate to the Privacy Dashboard at account.microsoft.com/privacy, select 'AI interaction history' or 'Copilot activity', and submit a deletion request for your stored AI prompt data.", 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has authority over deceptive or unfair data practices related to AI systems under FTC Act Section 5, including undisclosed human review of AI interactions.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this AI and Copilot Data Collection clause as high severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

AI and Copilot Data Collection — Microsoft

Share 𝕏 Share in Share

What it is

When you use Microsoft's AI tools like Copilot, Microsoft collects what you type into the AI (your prompts), the AI's responses, and how you interact with those features. Microsoft staff may review these interactions.

Consumer impact (what this means for users)

Your Copilot prompts and AI-generated responses are collected and may be reviewed by Microsoft employees, meaning sensitive information you share with AI tools is not private in the way a personal conversation would be.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

Log in to your Microsoft account, navigate to the Privacy Dashboard at account.microsoft.com/privacy, select 'AI interaction history' or 'Copilot activity', and submit a deletion request for your stored AI prompt data.

How other platforms handle this

TikTok Medium

ruleName: ua_block ... handler: block ... url: https://ssl.google-analytics.com/__utm.gif ... url: https://stats.g.doubleclick.net/j/collect ... url: https://www.google-analytics.com/analytics.js ... url: https://www.google-analytics.com/j/collect ... ruleName: ga3_block

PayPal Medium

You also consent to PayPal obtaining your personal and/or business credit report from a credit reporting agency at account opening and whenever we reasonably believe there may be an increased level of risk associated with your business account.

Comcast Medium

To understand how we collect and use information through the Services, please read our privacy policy, available at xfinity.com/privacy/policy.

See all platforms with this clause type →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

AI prompts can contain sensitive personal, professional, or confidential information, and users may not realize this content is stored, reviewed by humans, and used to improve Microsoft's products.

View original clause language

Microsoft collects data from your interactions with AI features and Copilot, including your prompts, the results Microsoft provides, and how you interact with AI features. This data is used to provide the AI features, to improve Microsoft products and services, and for other purposes described in this privacy statement. When you use Copilot or other AI-powered features, your interactions, including the text you enter, may be reviewed by Microsoft employees and contractors to improve the service.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision implicates GDPR Art. 6(1)(f) (legitimate interests as legal basis for AI improvement), Art. 13 (transparency at point of collection), Art. 22 (automated decision-making), and EU AI Act Arts. 13 and 52 (transparency obligations for AI systems interacting with natural persons). In the US, FTC Act Section 5 unfair or deceptive practices standards apply to disclosures about human review of AI interactions. The EU AI Act's GPAI provisions (Arts. 53-55) apply to foundation models underlying Copilot.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC has authority over deceptive or unfair data practices related to AI systems under FTC Act Section 5, including undisclosed human review of AI interactions.
File a complaint →

Applicable regulations

United States Federal

CAN-SPAM

United States Federal

DMA

European Union

FCRA

United States Federal

GDPR

European Union

GLBA

United States Federal

HIPAA

United States Federal

TCPA

United States Federal

UK GDPR

United Kingdom

Provision details

Document information

Document

Microsoft Privacy Statement (Legacy)

Entity

Microsoft

Document last updated

March 5, 2026

Tracking information

First tracked

April 9, 2026

Last verified

April 9, 2026

Record ID

CA-P-002496

Document ID

CA-D-00001

Evidence Provenance

Source URL

https://www.microsoft.com/en-us/privacy/privacystatement

Wayback Machine

View archived versions →

SHA-256

7a7aaaae65bc958b5f0f4bd77710852e41e6cfb0400ed13c15acbc6d552e2a1d

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Microsoft | Document: Microsoft Privacy Statement (Legacy) | Record: CA-P-002496
Captured: 2026-04-09 15:01:32 UTC | SHA-256: 7a7aaaae65bc958b…
URL: https://conductatlas.com/platform/microsoft/microsoft-privacy-statement-legacy/ai-and-copilot-data-collection/
Accessed: April 29, 2026

Classification

Severity

High

AI and Copilot Data Collection

What it is

Consumer impact (what this means for users)

What you can do

Why it matters (compliance & risk perspective)

Institutional analysis (Compliance & legal intelligence)

Applicable agencies

Applicable regulations

Provision details

Other provisions in this document

Related Analysis