What is the severity of this clause?

ConductAtlas classifies this Personal Data Collection Scope clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Personal Data Collection Scope clauses across approximately 11 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Personal Data Collection Scope — Microsoft

Share 𝕏 Share in Share 🔒 PDF

Recent governance activity Microsoft recorded 3 documented changes in the last 30 days.

Start monitoring updates

Monitor governance changes for Microsoft Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

ⓘ

This analysis describes what Microsoft's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The breadth of collection means that simply using Microsoft products, even passively, generates a data profile that combines what you tell Microsoft, what your device reports, and what third parties share about you.

Recent Activity

This document changed recently

Medium Apr 19, 2026

The updated policy establishes additional grounds on which Microsoft may retain personal data. While the prior version tied retention to specific user expectations and available deletion controls, th…

Medium Apr 1, 2026

The updated policy now grounds data retention in five broad business purposes: operating the business, meeting contractual and legal obligations, improving and developing products and services, prote…

Medium Mar 13, 2026

The updated Privacy Statement removes previously stated language about additional rights available to European Economic Area users, narrowing the policy's explicit protections in that region. Simulta…

Consumer impact (what this means for users)

The statement authorizes Microsoft to collect a wide range of personal data including identifiers, location, voice and audio recordings, browsing and search history, and content created within Microsoft products, and to use this data for advertising, product personalization, and AI model improvement across its product portfolio. EU and UK users have GDPR-based rights including access, correction, deletion, and objection to processing, while California and other U.S. state residents have rights under applicable state privacy laws including the right to opt out of data sales or sharing for targeted advertising. You can access, review, download, or delete your personal data and adjust advertising and personalization settings at account.microsoft.com/privacy.

How other platforms handle this

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

Discord Medium

We collect the following information when you register for and use our services: Account information. You can create a Discord account by providing an email address and creating a username and password. When you create an account, we will assign you a unique identifier. If you choose to, you may pro...

Egnyte Medium

We collect information you provide directly to us, such as when you create an account, contact us for support, sign up for marketing emails, or otherwise communicate with us. The types of information we may collect include your name, email address, postal address, phone number, company name, job tit...

See all platforms with this clause type →

Monitoring

Microsoft has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

▸ View Original Clause Language DOCUMENT RECORD

"
Microsoft collects data from you, through our interactions with you and through our products. You provide some of this data directly, such as when you create a Microsoft account, administer your organization's licensing account, submit a search query to Bing, register for a Microsoft event, speak a voice command to Cortana, upload a document to OneDrive, purchase a Microsoft product or service, or contact us for support. We get some of it by recording how you interact with our products by, for example, using technologies like cookies, and receiving error reports or usage data from software running on your device. We also obtain data from third parties.

— Excerpt from Microsoft's Microsoft Privacy Statement (Legacy)

Applicable regulations

Connecticut Data Privacy Act Amendments

US-CT

CAN-SPAM

United States Federal

United States Federal

GDPR

European Union

Indiana Consumer Data Protection Act

US-IN

Kentucky Consumer Data Protection Act

US-KY

TCPA

United States Federal

UK GDPR

United Kingdom

Universal Opt-Out Mechanism Expansion 2026

Provision details

Document information

Document

Microsoft Privacy Statement (Legacy)

Entity

Microsoft

Document last updated

March 5, 2026

Tracking information

First tracked

April 28, 2026

Last verified

May 12, 2026

Record ID

CA-P-008960

Document ID

CA-D-00001

Evidence Provenance

Source URL

https://www.microsoft.com/en-us/privacy/privacystatement

Wayback Machine

View archived versions →

Content hash (SHA-256)

9e697464d17b7148c787f07099c60e30370abb2b13a7f2a910f607e31ec13158

Analysis generated

April 28, 2026 08:11 UTC

Methodology

summarize_document-v8

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Microsoft
Document: Microsoft Privacy Statement (Legacy)
Record ID: CA-P-008960
Captured: 2026-04-28 08:11:57 UTC
SHA-256: 9e697464d17b7148…
URL: https://conductatlas.com/platform/microsoft/microsoft-privacy-statement-legacy/personal-data-collection-scope/
Accessed: May 14, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

AI and Copilot Data Use for Model Improvement medium
Personal Data Collection Categories medium
Advertising and Behavioral Targeting medium
Children's Data Collection and Parental Consent medium
Voice and Audio Data Collection medium
U.S. State Data Privacy Rights medium

Related Analysis

Netflix Updated Terms Authorize Voice Data Collection: April 2026
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
What Google Actually Knows About You
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Microsoft's Personal Data Collection Scope clause do?

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 11 platforms. See the full comparison.

Is ConductAtlas affiliated with Microsoft?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Microsoft.