Microsoft · Microsoft Privacy Statement (Legacy)

Third-Party Data Sharing with Vendors and Partners

High severity
Share 𝕏 Share in Share

What it is

Microsoft shares your personal data with third-party vendors, service providers, advertising partners, and other companies that help deliver its services or use it to show you ads.

Why it matters

Once your data is shared with third parties, you lose direct control over how it is handled, and those third parties may have their own privacy policies and data uses that differ from Microsoft's.

Institutional analysis (Compliance & legal intelligence)

Third-party data sharing arrangements must comply with GDPR Article 28 (controller-processor agreements), CCPA's service provider restrictions, and applicable cross-border transfer rules. Compliance teams should request and review Microsoft's data processing agreements and sub-processor lists, particularly for high-risk processing activities.

πŸ”’

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Consumer impact

Microsoft collects extensive personal data across its products including search history, voice recordings, location data, browsing behaviour, and inferred interests, and uses this data for targeted advertising and product improvement. Users' data may be shared with affiliates, advertising partners, and other third parties, and sensitive data such as health and biometric information may also be collected in certain contexts. You can review, download, or delete your personal data by visiting Microsoft's Privacy Dashboard at account.microsoft.com/privacy.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Export Your Data
    Visit account.microsoft.com/privacy to review what data Microsoft holds about you and submit requests to limit or delete data that may be shared with third parties.

Applicable agencies

  • FTC
    The FTC has jurisdiction over deceptive or unfair third-party data sharing practices under Section 5 of the FTC Act.
    File a complaint →

Provision details

Document information
Document
Microsoft Privacy Statement (Legacy)
Entity
Microsoft
Document last updated
March 5, 2026
Tracking information
First tracked
March 15, 2026
Last verified
March 15, 2026
Record ID
CA-P-00001007
Document ID
CA-D-00001
Evidence Provenance
Source URL
https://www.microsoft.com/en-us/privacy/privacystatement
Wayback Machine
View archived versions →
SHA-256
45f09bce08bba70d095c6310e3c8383cc7e2ee6d93fc0795641bd50132df016b
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Microsoft | Document: Microsoft Privacy Statement (Legacy) | Record: CA-P-00001007
Captured: 2026-03-15 11:31:06 UTC | SHA-256: 45f09bce08bba70d…
URL: https://conductatlas.com/platform/microsoft/microsoft-privacy-statement-legacy/third-party-data-sharing-with-vendors-and-partners/
Accessed: April 4, 2026
Classification
Severity
High
Categories
Data sharing Privacy Consent

Other provisions in this document