For users in the European Economic Area and United Kingdom, Microsoft Ireland Operations Limited is designated as the data controller responsible for how your personal data is handled.
Knowing who the legal data controller is enables EU and UK users to direct data rights requests and regulatory complaints to the correct entity, and determines which supervisory authority has jurisdiction.
The designation of Microsoft Ireland Operations Limited as EEA/UK controller has implications for jurisdictional competence (Irish DPC as lead supervisory authority under GDPR's one-stop-shop mechanism), cross-border data transfer compliance, and the applicability of UK GDPR post-Brexit. Legal teams should confirm that data processing agreements with Microsoft entities reflect this controller designation.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Microsoft collects extensive personal data across its products including search history, voice recordings, location data, browsing behaviour, and inferred interests, and uses this data for targeted advertising and product improvement. Users' data may be shared with affiliates, advertising partners, and other third parties, and sensitive data such as health and biometric information may also be collected in certain contexts. You can review, download, or delete your personal data by visiting Microsoft's Privacy Dashboard at account.microsoft.com/privacy.