Microsoft combines data about you from across its many products and services — such as Windows, Office, Bing, and Xbox — to build a more complete profile that can be used for product features, personalisation, and advertising.
When data from multiple services is combined, the resulting profile is far more detailed and revealing than any single data point, increasing the risk of privacy harm and the commercial exploitation of your personal information.
Cross-product data integration raises data minimisation and purpose limitation concerns under GDPR Articles 5(1)(b) and (c), and may trigger CCPA obligations regarding the aggregation of personal information from multiple sources. Compliance teams should evaluate whether data linkage across products constitutes a new processing purpose requiring fresh consent.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Microsoft collects extensive personal data across its products including search history, voice recordings, location data, browsing behaviour, and inferred interests, and uses this data for targeted advertising and product improvement. Users' data may be shared with affiliates, advertising partners, and other third parties, and sensitive data such as health and biometric information may also be collected in certain contexts. You can review, download, or delete your personal data by visiting Microsoft's Privacy Dashboard at account.microsoft.com/privacy.