What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://account.microsoft.com/privacy/ad-settings', 'difficulty': 'EASY', 'action_type': 'OPT_OUT_ARBITRATION', 'instructions': 'California, Colorado, Virginia, and other state residents can opt out of the sale and sharing of personal data for targeted advertising by visiting account.microsoft.com/privacy/ad-settings and toggling off interest-based advertising.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'State_AG', 'reason': 'State Attorneys General in California, Virginia, Colorado, Connecticut, Texas, and Oregon have enforcement authority over consumer privacy rights under their respective state privacy laws.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this U.S. State Data Privacy Rights (CCPA/CPRA and Others) clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

U.S. State Data Privacy Rights (CCPA/CPRA and Others) — Microsoft

Share 𝕏 Share in Share 🔒 PDF

What it is

Residents of California, Colorado, Connecticut, Oregon, Texas, Virginia, and other states have specific legal rights to access, correct, delete, and opt out of the sale of their personal data, and Microsoft commits to honoring these rights.

Consumer impact (what this means for users)

If you live in California, Colorado, Connecticut, Oregon, Texas, or Virginia, you have legally enforceable rights including the right to delete your Microsoft data and opt out of targeted advertising data sharing — these rights can be exercised at account.microsoft.com/privacy.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Opt Out of Arbitration

California, Colorado, Virginia, and other state residents can opt out of the sale and sharing of personal data for targeted advertising by visiting account.microsoft.com/privacy/ad-settings and toggling off interest-based advertising.

Cross-platform context

See how other platforms handle U.S. State Data Privacy Rights (CCPA/CPRA and Others) and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

U.S. state privacy laws give millions of Americans legally enforceable rights over their Microsoft data that go beyond what the general privacy statement offers, including the right to opt out of data being shared for advertising purposes.

View original clause language

Several U.S. states, including California, Colorado, Connecticut, Oregon, Texas, and Virginia, provide their residents with specific privacy rights. These include the right to know what personal data is collected and how it is used, the right to access, correct, and delete personal data, the right to opt out of the sale or sharing of personal data and the processing of personal data for targeted advertising, and in some states, the right to appeal a decision made in response to a privacy request. Depending on where you live, you may have additional rights or these rights may operate differently.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision implicates CCPA/CPRA (Cal. Civ. Code §§1798.100–1798.199, enforced by California AG and CPPA); Virginia CDPA (Va. Code Ann. §§59.1-571 et seq., enforced by Virginia AG); Colorado CPA (C.R.S. §§6-1-1301 et seq., enforced by Colorado AG); Connecticut CTDPA (Conn. Gen. Stat. §§42-515 et seq.); Texas TDPSA (Bus. & Com. Code Ch. 541); Oregon CPA (ORS Ch. 646A); and Washington My Health Data Act for health-related data. Enforcement varies by state — California CPPA has independent enforcement authority; other states rely on AG enforcement with cure periods.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

State AG

State Attorneys General in California, Virginia, Colorado, Connecticut, Texas, and Oregon have enforcement authority over consumer privacy rights under their respective state privacy laws.
File a complaint →

Provision details

Document information

Document

Microsoft Privacy Statement (Legacy)

Entity

Microsoft

Document last updated

March 5, 2026

Tracking information

First tracked

April 28, 2026

Last verified

April 28, 2026

Record ID

CA-P-003855

Document ID

CA-D-00001

Evidence Provenance

Source URL

https://www.microsoft.com/en-us/privacy/privacystatement

Wayback Machine

View archived versions →

SHA-256

9e697464d17b7148c787f07099c60e30370abb2b13a7f2a910f607e31ec13158

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Microsoft | Document: Microsoft Privacy Statement (Legacy) | Record: CA-P-003855
Captured: 2026-04-28 08:11:57 UTC | SHA-256: 9e697464d17b7148…
URL: https://conductatlas.com/platform/microsoft/microsoft-privacy-statement-legacy/us-state-data-privacy-rights-ccpacpra-and-others/
Accessed: April 29, 2026

Classification

Severity

Medium

U.S. State Data Privacy Rights (CCPA/CPRA and Others)