Microsoft · Microsoft Privacy Statement (Legacy)

Voice Data Collection for Speech Recognition

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Microsoft records your voice when you use speech-to-text or voice command features and may use those recordings to improve its speech recognition technology, with the ability to opt out of this optional collection.

Consumer impact (what this means for users)

Consumers using Windows Cortana, dictation, or any Microsoft voice feature should be aware that their voice data may be stored and used to improve Microsoft's speech recognition systems unless they disable this optional data collection in privacy settings.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Opt Out of Arbitration
    Open Windows Settings, navigate to Privacy & Security, then select Speech. Toggle off 'Online speech recognition' and any optional voice improvement settings to prevent voice data from being sent to Microsoft.

Cross-platform context

See how other platforms handle Voice Data Collection for Speech Recognition and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Voice recordings are sensitive biometric-adjacent data that can reveal health conditions, personal relationships, and location; their use for product improvement beyond the original service purpose raises significant privacy concerns.

View original clause language
Microsoft collects voice data—for example, when you use speech recognition features. We convert your voice input into text to provide you with the service, such as search queries, dictation, or commands. We may also use your voice data to improve our speech recognition products, though you can turn off this optional collection.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision implicates GDPR Art. 9 (special category data — voice data may qualify as biometric data under Art. 4(14) if used to uniquely identify individuals), Art. 6(1)(a) (consent as lawful basis for processing beyond service provision), and Art. 5(1)(b) (purpose limitation); Washington My Health Data Act (voice data may constitute consumer health data in some contexts); Illinois BIPA (740 ILCS 14) where voice data constitutes a biometric identifier; and FTC Act Section 5 for deceptive practices. Enforcement by EU DPAs, Washington AG, Illinois AG, and FTC.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    FTC has enforcement authority over deceptive voice data collection practices under FTC Act Section 5.
    File a complaint →
  • State AG
    Illinois AG (BIPA enforcement) and Washington AG (My Health Data Act) have jurisdiction over voice and biometric data collection practices.
    File a complaint →

Provision details

Document information
Document
Microsoft Privacy Statement (Legacy)
Entity
Microsoft
Document last updated
March 5, 2026
Tracking information
First tracked
April 28, 2026
Last verified
April 28, 2026
Record ID
CA-P-003851
Document ID
CA-D-00001
Evidence Provenance
Source URL
https://www.microsoft.com/en-us/privacy/privacystatement
Wayback Machine
View archived versions →
SHA-256
9e697464d17b7148c787f07099c60e30370abb2b13a7f2a910f607e31ec13158
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Microsoft | Document: Microsoft Privacy Statement (Legacy) | Record: CA-P-003851
Captured: 2026-04-28 08:11:57 UTC | SHA-256: 9e697464d17b7148…
URL: https://conductatlas.com/platform/microsoft/microsoft-privacy-statement-legacy/voice-data-collection-for-speech-recognition/
Accessed: April 29, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document