What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://account.microsoft.com/privacy', 'difficulty': 'EASY', 'action_type': 'EXPORT_DATA', 'instructions': "Sign in at account.microsoft.com/privacy, navigate to 'Download your data', select the data categories you want to export, and submit the request. Microsoft will prepare a downloadable file of your personal data.", 'deadline_days': None, 'deadline_hours': None} {'method': 'WEB_FORM', 'recipient': 'https://account.microsoft.com/privacy', 'difficulty': 'MODERATE', 'action_type': 'DELETE_DATA', 'instructions': "Sign in at account.microsoft.com/privacy, navigate to each activity category (browsing, search, location, etc.), and use the 'Clear' or 'Delete' options. For account closure and full data deletion, go to account.microsoft.com/close-account.", 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has enforcement authority over deceptive representations about data access and deletion rights under FTC Act Section 5.', 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'State_AG', 'reason': 'State AGs enforce CCPA/CPRA and equivalent state privacy law rights to access, correct, and delete personal data held by Microsoft.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this User Rights and Data Access Controls clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

User Rights and Data Access Controls — Microsoft

Share 𝕏 Share in Share

What it is

Microsoft gives users tools to view, download, correct, and delete their personal data through the Privacy Dashboard. Some deletion requests may be refused if legal or business requirements mean the data must be kept.

Consumer impact (what this means for users)

You have the right to access, export, correct, and delete your Microsoft personal data, but Microsoft may decline deletion requests citing legal requirements or legitimate business interests, leaving some data beyond your control.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Export Your Data

Sign in at account.microsoft.com/privacy, navigate to 'Download your data', select the data categories you want to export, and submit the request. Microsoft will prepare a downloadable file of your personal data.
Delete Your Data

Sign in at account.microsoft.com/privacy, navigate to each activity category (browsing, search, location, etc.), and use the 'Clear' or 'Delete' options. For account closure and full data deletion, go to account.microsoft.com/close-account.

How other platforms handle this

Glassdoor Medium

Glassdoor affiliates include Indeed and Indeed Flex. You can read more about our affiliates and our shared commitment to privacy at our Privacy Center.

Meta Medium

In return for our commitment to provide the Meta Products to you, we require you to make the following commitments to us. Who can use Facebook. When people stand behind their opinions and actions, our community is safer and more accountable. For this reason, you must: use the same name that you use ...

TaskRabbit Medium

We may also share your Personal Information with interested parties in connection with, or during negotiations of, any proposed or actual merger, purchase, or sale of all or any portion of our assets to another business.

See all platforms with this clause type →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Knowing your rights and how to exercise them is the primary way you can control what Microsoft knows about you — but the carve-outs for 'legitimate business interests' mean not all deletion requests will be honored.

View original clause language

You can access and control your personal data that Microsoft has collected, and exercise your data protection rights, by using various tools we provide. The Privacy Dashboard at account.microsoft.com/privacy allows you to view and clear much of the data we hold about you. You have rights to access, correct, delete, and export your personal data, subject to applicable law. If you live in the European Economic Area, you also have the right to object to processing and to restrict processing. Some of these rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or legitimate business interests to keep.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: GDPR Arts. 15-22 establish data subject rights (access, rectification, erasure, portability, objection, restriction). CCPA/CPRA §§1798.100, 1798.105, 1798.110, 1798.115, 1798.120 establish equivalent California consumer rights. U.S. state privacy laws (VCDPA §59.1-578, CPA §6-1-1306, TDPSA §541.051, CTDPA §4-43) provide equivalent rights. UK GDPR mirrors GDPR rights post-Brexit. COPPA grants parents rights to access and delete children's data. FTC Act Section 5 applies to deceptive representations about the scope of user rights.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC has enforcement authority over deceptive representations about data access and deletion rights under FTC Act Section 5.
File a complaint →
State AG

State AGs enforce CCPA/CPRA and equivalent state privacy law rights to access, correct, and delete personal data held by Microsoft.
File a complaint →

Applicable regulations

United States Federal

CAN-SPAM

United States Federal

DMA

European Union

FCRA

United States Federal

GDPR

European Union

GLBA

United States Federal

HIPAA

United States Federal

UK GDPR

United Kingdom

Provision details

Document information

Document

Microsoft Privacy Statement (Legacy)

Entity

Microsoft

Document last updated

March 5, 2026

Tracking information

First tracked

April 9, 2026

Last verified

April 9, 2026

Record ID

CA-P-002500

Document ID

CA-D-00001

Evidence Provenance

Source URL

https://www.microsoft.com/en-us/privacy/privacystatement

Wayback Machine

View archived versions →

SHA-256

7a7aaaae65bc958b5f0f4bd77710852e41e6cfb0400ed13c15acbc6d552e2a1d

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Microsoft | Document: Microsoft Privacy Statement (Legacy) | Record: CA-P-002500
Captured: 2026-04-09 15:01:32 UTC | SHA-256: 7a7aaaae65bc958b…
URL: https://conductatlas.com/platform/microsoft/microsoft-privacy-statement-legacy/user-rights-and-data-access-controls/
Accessed: April 29, 2026

Classification

Severity

Medium

User Rights and Data Access Controls

What it is

Consumer impact (what this means for users)

What you can do

Why it matters (compliance & risk perspective)

Institutional analysis (Compliance & legal intelligence)

Applicable agencies

Applicable regulations

Provision details

Other provisions in this document

Related Analysis