The policy authorizes sharing of personal data collected through Minecraft services with Microsoft affiliates and third-party service providers for purposes including service operation, analytics, safety, and other disclosed purposes. The scope of affiliate sharing reflects Minecraft's integration into Microsoft's corporate infrastructure following the acquisition of Mojang Studios.
This analysis describes what Minecraft's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that Minecraft user data, including account identifiers, gameplay data, and device information, may be processed across Microsoft's global affiliate network. Compliance teams should evaluate whether the categories of data shared with affiliates and the purposes for which sharing occurs are disclosed with sufficient specificity to meet GDPR transparency requirements.
Interpretive note: The actual policy text was not fully rendered in the provided HTML; this provision is inferred from the document's subject matter and Minecraft's known operational relationship with Microsoft. Specific sharing categories and purposes could not be directly quoted.
The current version provision has no excerpt text provided, suggesting the data sharing disclosure may have been restructured or removed from this section.
View full change record →Significantly condensed from detailed enumeration of sharing scenarios (legal requirements, customer protection, security, rights protection) to simplified reference to Microsoft Privacy Statement.
View full change record →The agreement authorizes sharing personal data with Microsoft affiliates and third-party service providers for service operation and related purposes. Under these terms, Minecraft user data may be processed within Microsoft's global infrastructure, and users in the EU, UK, and California may have rights to know the categories of recipients and to limit certain sharing.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Monitoring
Minecraft has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
(1) REGULATORY LANDSCAPE: This provision implicates GDPR Articles 13, 14, and 28 (transparency and processor obligations), CCPA/CPRA requirements for disclosing categories of third parties with whom personal information is shared, and FTC Act requirements regarding unfair or deceptive practices in privacy disclosures. The EU data protection authorities, UK ICO, and California Privacy Protection Agency (CPPA) have relevant enforcement authority. (2) GOVERNANCE EXPOSURE: Medium. Data sharing with affiliates within a corporate group is a common practice; however, the breadth of Microsoft's affiliate network and the scale of Minecraft's user base mean that data flows may cross multiple jurisdictions and involve numerous processing entities. Compliance exposure depends on whether the policy's descriptions of sharing purposes and recipient categories are specific enough to satisfy GDPR and CCPA transparency obligations. (3) JURISDICTION FLAGS: EU and UK users have heightened rights regarding data sharing disclosures, including the right to receive information about recipients or categories of recipients. California users have CCPA/CPRA rights to know whether personal information is sold or shared for cross-context behavioral advertising. The policy's treatment of these obligations should be evaluated for each jurisdiction. (4) CONTRACT AND VENDOR IMPLICATIONS: The Microsoft Data Processing Agreement and Standard Contractual Clauses (or equivalent transfer mechanisms) should be reviewed to confirm they cover Minecraft-specific data flows to non-EEA affiliates. Procurement teams should verify that sub-processors engaged for Minecraft services are covered under applicable data processing agreements. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should map data flows from Minecraft services to Microsoft affiliates and third-party service providers, confirm that data processing agreements are in place, and assess whether transfer impact assessments are required for cross-border transfers to non-adequate countries.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that Minecraft user data, including account identifiers, gameplay data, and device information, may be processed across Microsoft's global affiliate network. Compliance teams should evaluate whether the categories of data shared with affiliates and the purposes for which sharing occurs are disclosed with sufficient specificity to meet GDPR transparency requirements.
The agreement authorizes sharing personal data with Microsoft affiliates and third-party service providers for service operation and related purposes. Under these terms, Minecraft user data may be processed within Microsoft's global infrastructure, and users in the EU, UK, and California may have rights to know the categories of recipients and to limit certain sharing.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Minecraft.