Microsoft provides tools at account.microsoft.com/privacy for you to access, correct, delete, export, or restrict use of your personal data, and you can also contact Microsoft directly if the tool doesn't cover what you need.
Consumer impact (what this means for users)
Consumers in the EU, UK, California, and other U.S. states have legally enforceable rights to access, correct, delete, and port their personal data held by Microsoft, and can exercise most of these rights directly through the Microsoft privacy dashboard at account.microsoft.com/privacy.
What you can do
⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
Export Your Data
Log in to account.microsoft.com/privacy and select 'Download your data' to request a copy of your personal data held by Microsoft. You can also select specific data categories to export.
Delete Your Data
Log in to account.microsoft.com/privacy and navigate to the relevant data category (e.g., search history, location data, activity history). Select 'Clear' or 'Delete' for each category, or use the global delete option where available.
Cross-platform context
See how other platforms handle Data Subject Rights and Access Controls and similar clauses.
Understanding and using these rights is essential for controlling what Microsoft knows about you — especially given the broad data collection across Microsoft's products — and these rights are legally enforceable in the EU, UK, California, and other jurisdictions.
View original clause language
You can access and control your personal data through the tools Microsoft provides to you, or by contacting Microsoft. You have a right to access, correct, delete, and in some cases port your data. You can also object to or restrict certain processing. For Microsoft account holders, many of these controls are available directly at account.microsoft.com/privacy. If you would like to exercise rights that are not available through our tools or if you have a question about your data, please contact us using the information in the 'How to contact us' section of this privacy statement.
REGULATORY FRAMEWORK: This provision implicates GDPR Arts. 15–22 (rights of access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making — enforced by EU DPAs); UK GDPR (ICO enforcement); CCPA/CPRA §§1798.100–1798.125 (rights to know, delete, correct, and opt out — California AG/CPPA enforcement); and equivalent rights under Virginia CDPA, Colorado CPA, Connecticut CTDPA, Texas TDPSA, and Oregon CPA. GDPR responses required within 30 days (extendable to 90 days); CCPA/CPRA within 45 days (extendable to 90 days).
🔒
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Applicable agencies
FTC
FTC has authority to enforce consumer data access and deletion rights as unfair or deceptive practices where Microsoft fails to honor stated commitments.
State AGs in California, Virginia, Colorado, Connecticut, Texas, and Oregon have enforcement authority over data subject rights under their respective state privacy laws.