Microsoft · Microsoft Privacy Statement (Legacy)

Health Data and Consumer Health Privacy

High severity

What it is

Health data you provide to Microsoft health-related products and services, such as fitness data, health history, and other health information, is used to provide those services and improve them. Microsoft has a separate Consumer Health Data Privacy Policy that governs the collection and use of consumer health data in applicable Microsoft products.

Why it matters

Health data is among the most sensitive categories of personal information, and its collection by a technology company through non-medical products creates risks around re-identification, secondary use, and exposure to law enforcement requests that may not be present with traditional healthcare providers.

Consumer impact

Microsoft collects a wide range of personal data — including location, voice recordings, search queries, browsing history, and content you create — across all its products and uses this data for advertising personalisation, AI training, and product improvement. Users with a Microsoft account have rights to access, correct, delete, and export their data, and can opt out of interest-based advertising, but many data uses are bundled under broad legitimate interest or contractual necessity grounds that cannot be individually declined. You can review, download, and delete your personal data, and adjust advertising and diagnostic data settings, by visiting the Microsoft Privacy Dashboard at account.microsoft.com/privacy.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Visit account.microsoft.com/privacy, navigate to 'Activity History', select health-related data categories, and delete them. Additionally, review the Consumer Health Data Privacy Policy at privacy.microsoft.com/microsoft-consumer-health-data-privacy-policy for health-specific data controls.

Applicable agencies

  • HHS OCR
    HHS Office for Civil Rights enforces HIPAA and has authority over Microsoft where it acts as a Business Associate processing protected health information for covered entity customers.
  • FTC
    The FTC has active enforcement authority over health data misuse by non-HIPAA-covered technology companies under FTC Act Section 5, including companies collecting health data through consumer products.

Provision details

Document information
Document: Microsoft Privacy Statement (Legacy)
Entity: Microsoft
Document last updated: March 5, 2026

Tracking information
First tracked: April 1, 2026
Last verified: April 4, 2026
Record ID: CA-P-002061
Document ID: CA-D-00001

Evidence Provenance
Source URL
Wayback Machine
SHA-256: 53438792c608fb8300a22a50aa22e6de5e810a38ca3fbef41d76b85849529496
Verified: ✓ Snapshot stored   ✓ Change verified

How to Cite
ConductAtlas Policy Archive
Entity: Microsoft | Document: Microsoft Privacy Statement (Legacy) | Record: CA-P-002061
Captured: 2026-04-01 13:59:02 UTC | SHA-256: 53438792c608fb83…
URL: https://conductatlas.com/platform/microsoft/microsoft-privacy-statement-legacy/health-data-and-consumer-health-privacy/
Accessed: April 4, 2026

Classification
Severity: High
Categories
