Microsoft · Microsoft Privacy Statement (Legacy)

AI and Copilot Data Processing

High severity
Share 𝕏 Share in Share

What it is

When you use Microsoft's AI services such as Copilot, your prompts, queries, and interactions may be collected and used to improve AI models and personalise your experience.

Why it matters

AI interactions can contain highly sensitive personal, professional, or confidential information, and users should be aware that these inputs may be stored and used to train or improve Microsoft's AI systems.

Institutional analysis (Compliance & legal intelligence)

Processing of AI interaction data raises novel compliance questions under the EU AI Act, GDPR's purpose limitation and data minimisation principles, and emerging US state AI transparency laws. Compliance teams should assess whether Microsoft's AI data retention and training practices are disclosed with sufficient specificity to satisfy GDPR's transparency requirements and obtain valid consent.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Consumer impact

Microsoft collects extensive personal data across its products including search history, voice recordings, location data, browsing behaviour, and inferred interests, and uses this data for targeted advertising and product improvement. Users' data may be shared with affiliates, advertising partners, and other third parties, and sensitive data such as health and biometric information may also be collected in certain contexts. You can review, download, or delete your personal data by visiting Microsoft's Privacy Dashboard at account.microsoft.com/privacy.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Sign in to account.microsoft.com/privacy and navigate to your activity history to review and delete AI interaction data stored by Microsoft's Copilot and related services.

Applicable agencies

  • FTC
    The FTC has authority to investigate unfair or deceptive AI data practices, including use of consumer inputs for model training without adequate disclosure.
    File a complaint →

Provision details

Document information
Document
Microsoft Privacy Statement (Legacy)
Entity
Microsoft
Document last updated
March 5, 2026
Tracking information
First tracked
March 15, 2026
Last verified
March 15, 2026
Record ID
CA-P-00001008
Document ID
CA-D-00001
Evidence Provenance
Source URL
https://www.microsoft.com/en-us/privacy/privacystatement
Wayback Machine
View archived versions →
SHA-256
45f09bce08bba70d095c6310e3c8383cc7e2ee6d93fc0795641bd50132df016b
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Microsoft | Document: Microsoft Privacy Statement (Legacy) | Record: CA-P-00001008
Captured: 2026-03-15 11:31:06 UTC | SHA-256: 45f09bce08bba70d…
URL: https://conductatlas.com/platform/microsoft/microsoft-privacy-statement-legacy/ai-and-copilot-data-processing/
Accessed: April 4, 2026
Classification
Severity
High
Categories
Privacy Consent Data sharing Surveillance

Other provisions in this document