Microsoft · Responsible AI

Privacy and Security in AI

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Microsoft commits to designing AI systems that protect user privacy and are secure, acknowledging that AI systems require large amounts of data and must comply with privacy laws.

Consumer impact (what this means for users)

Microsoft's AI systems process large amounts of data to function, and while Microsoft commits to privacy-by-design, consumers should review product-specific privacy statements to understand exactly what personal data is collected and how it is used in AI training and operation.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Export Your Data
    Visit Microsoft's privacy dashboard at https://account.microsoft.com/privacy to review and export the personal data Microsoft holds about you, including data processed by AI features.

Cross-platform context

See how other platforms handle Privacy and Security in AI and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

This commitment signals that Microsoft intends to comply with privacy laws when training and operating AI, but the acknowledgment that AI requires large data sets means significant personal data may be processed by AI systems.

View original clause language
Privacy and security: AI systems should be secure and respect privacy. AI and machine learning need large amounts of data to produce results. Privacy laws and regulations require that data must be handled in certain ways, and we need AI to be designed and built with privacy in mind.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: This provision directly engages GDPR Arts. 5, 6, 25 (data protection by design and default), 35 (data protection impact assessments for high-risk processing), and 22 (automated decision-making); CCPA/CPRA §1798.100 et seq. (consumer rights regarding personal information used in AI); HIPAA 45 CFR Part 164 where health data is processed; EU AI Act Art. 10 (data governance requirements); and NIST Privacy Framework. EU DPAs, California Privacy Protection Agency, and HHS OCR are primary enforcement authorities. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    FTC has authority over unfair or deceptive data practices including AI data collection and use under FTC Act Section 5, and has issued specific AI privacy guidance.
    File a complaint →

Provision details

Document information
Document
Responsible AI
Entity
Microsoft
Document last updated
March 5, 2026
Tracking information
First tracked
April 27, 2026
Last verified
April 27, 2026
Record ID
CA-P-003111
Document ID
CA-D-00003
Evidence Provenance
Source URL
https://www.microsoft.com/en-us/ai/responsible-ai#legacy
Wayback Machine
View archived versions →
SHA-256
17d4b7dd772937329cdd57fe4bced78e38fc42b1260d418279febdf8127cc1d7
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Microsoft | Document: Responsible AI | Record: CA-P-003111
Captured: 2026-04-27 08:55:46 UTC | SHA-256: 17d4b7dd77293732…
URL: https://conductatlas.com/platform/microsoft/responsible-ai/privacy-and-security-in-ai/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document