What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://account.microsoft.com/privacy', 'difficulty': 'EASY', 'action_type': 'DELETE_DATA', 'instructions': "Visit account.microsoft.com/privacy to access Microsoft's privacy dashboard, where you can view the data Microsoft holds about you, download a copy, or submit a deletion request for specific data categories.", 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': "The FTC has authority to investigate whether Microsoft's consent-by-reference mechanism for its Privacy Statement constitutes a deceptive practice under FTC Act Section 5 if consumers are not meaningfully informed of data collection practices.", 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'State_AG', 'reason': "California's AG and CPPA enforce CCPA requirements including notice-at-collection obligations and the right to know all purposes for which personal information is used.", 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this Microsoft Account Data and Privacy clause as high severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Microsoft Account Data and Privacy — Microsoft

Share 𝕏 Share in Share 🔒 PDF

What it is

Microsoft collects data from you and your devices when you use its services, and the full details of what is collected and how it is used are in a separate Privacy Statement — by using any Microsoft service, you consent to this data collection.

Consumer impact (what this means for users)

By using any Microsoft service you consent to data collection described in a separate Privacy Statement — which covers device diagnostics, usage data, advertising identifiers, and voice/search data — and you should review that document at privacy.microsoft.com to understand the full scope of data Microsoft collects.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

Visit account.microsoft.com/privacy to access Microsoft's privacy dashboard, where you can view the data Microsoft holds about you, download a copy, or submit a deletion request for specific data categories.

Cross-platform context

See how other platforms handle Microsoft Account Data and Privacy and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Incorporating the Privacy Statement by reference rather than including it directly means consumers must review a separate lengthy document to understand the full extent of Microsoft's data collection, which may include diagnostic data, usage patterns, location data, and advertising identifiers.

View original clause language

Your privacy is important to us. Please read the Microsoft Privacy Statement as it describes the types of data we collect from you and your devices, how we use it, and the legal basis for our use of it. By using the Services, you consent to Microsoft's collection and use of your data as described in the Microsoft Privacy Statement.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision implicates GDPR Arts. 6, 7, 13 (lawful basis and transparency obligations), CCPA §1798.100 et seq. (right to know, delete, and opt out of sale), FTC Act Section 5, Washington My Health MY Data Act (SB 1155, 2023, covering consumer health data), and the EU ePrivacy Directive (cookie and device data collection). Enforcement authorities: Irish DPC (Microsoft's EU lead supervisory authority), California AG/CPPA, FTC, and Washington AG.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC has authority to investigate whether Microsoft's consent-by-reference mechanism for its Privacy Statement constitutes a deceptive practice under FTC Act Section 5 if consumers are not meaningfully informed of data collection practices.
File a complaint →
State AG

California's AG and CPPA enforce CCPA requirements including notice-at-collection obligations and the right to know all purposes for which personal information is used.
File a complaint →

Provision details

Document information

Document

Microsoft Services Agreement (Legacy)

Entity

Microsoft

Document last updated

March 5, 2026

Tracking information

First tracked

April 28, 2026

Last verified

April 28, 2026

Record ID

CA-P-003861

Document ID

CA-D-00002

Evidence Provenance

Source URL

https://www.microsoft.com/en-us/servicesagreement#legacy

Wayback Machine

View archived versions →

SHA-256

246226a9dde020cff365053de9faaea24c0f1babf1b6627a58b10222e23e9703

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Microsoft | Document: Microsoft Services Agreement (Legacy) | Record: CA-P-003861
Captured: 2026-04-28 08:17:11 UTC | SHA-256: 246226a9dde020cf…
URL: https://conductatlas.com/platform/microsoft/microsoft-services-agreement-legacy/microsoft-account-data-and-privacy/
Accessed: May 2, 2026

Classification

Severity

High

Microsoft Account Data and Privacy