What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://aka.ms/privacyrequest', 'difficulty': 'MODERATE', 'action_type': 'EXPORT_DATA', 'instructions': "Visit Microsoft's Privacy Request portal at https://aka.ms/privacyrequest, sign in with your Microsoft account, and submit a data export or access request to obtain a copy of personal data Microsoft holds about you, including data processed by AI systems.", 'deadline_days': 30, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has jurisdiction over unfair or deceptive data privacy practices related to AI systems under Section 5 of the FTC Act and has issued specific AI privacy guidance.', 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'State_AG', 'reason': 'State Attorneys General in California and other states with comprehensive privacy laws have enforcement authority over AI-related personal data processing practices.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this Privacy and Security in AI Commitment clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Privacy and Security in AI Commitment clauses across approximately 1 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Privacy and Security in AI Commitment — Microsoft

Share 𝕏 Share in Share 🔒 PDF

What it is

Microsoft states that its AI systems will respect privacy and maintain security, supporting individual privacy protections throughout the AI lifecycle.

Consumer impact (what this means for users)

This privacy commitment does not tell you what personal data Microsoft's AI uses, who it shares it with, or how long it keeps it — for those details and your legal rights, you must consult the Microsoft Privacy Statement and applicable law.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Export Your Data
Within 30 days
Visit Microsoft's Privacy Request portal at https://aka.ms/privacyrequest, sign in with your Microsoft account, and submit a data export or access request to obtain a copy of personal data Microsoft holds about you, including data processed by AI systems.

Cross-platform context

See how other platforms handle Privacy and Security in AI Commitment and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

This commitment is relevant to consumers whose personal data is processed by Microsoft AI systems, but it does not specify what data is collected, how long it is retained, or with whom it is shared — those details are in separate binding documents.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: GDPR Art. 5(1)(f) integrity and confidentiality principle, Art. 25 data protection by design and by default, and Art. 32 security of processing are directly implicated. CCPA/CPRA §1798.100-1798.199 provides California residents rights regarding personal data used in AI systems. HIPAA 45 CFR Parts 160 and 164 applies to any health data processed by Microsoft AI. The EU AI Act Art. 10 requires training data governance practices for high-risk AI. Enforcement: national DPAs (EU), California Privacy Protection Agency, HHS OCR. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC has jurisdiction over unfair or deceptive data privacy practices related to AI systems under Section 5 of the FTC Act and has issued specific AI privacy guidance.
File a complaint →
State AG

State Attorneys General in California and other states with comprehensive privacy laws have enforcement authority over AI-related personal data processing practices.
File a complaint →

Provision details

Document information

Document

Microsoft Responsible AI Principles

Entity

Microsoft

Document last updated

April 29, 2026

Tracking information

First tracked

April 27, 2026

Last verified

April 27, 2026

Record ID

CA-P-003199

Document ID

CA-D-00019

Evidence Provenance

Source URL

https://www.microsoft.com/en-us/ai/responsible-ai

Wayback Machine

View archived versions →

SHA-256

77bc43a7f84410902fdbac1b71574e6a146d5315f383cd6ee7ecdd0ee54cd259

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Microsoft | Document: Microsoft Responsible AI Principles | Record: CA-P-003199
Captured: 2026-04-27 09:59:26 UTC | SHA-256: 77bc43a7f8441090…
URL: https://conductatlas.com/platform/microsoft/microsoft-responsible-ai-principles/privacy-and-security-in-ai-commitment/
Accessed: May 2, 2026

Classification

Severity

Medium

Privacy and Security in AI Commitment