Microsoft collects data about your interests, browsing activity, and interactions across its products to show you personalized advertisements.
Why it matters
Microsoft builds a profile of your interests and behaviors across multiple products and services, which is used to target you with ads — you may not realize how much data feeds into this profile.
This practice engages GDPR Article 22 (automated decision-making and profiling), CCPA/CPRA opt-out rights for cross-context behavioral advertising, and FTC guidelines on data broker and advertising practices; compliance teams should assess lawful basis and opt-out mechanism adequacy.
🔒
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Consumer impact
Microsoft collects a broad range of personal data across all its products and services — including location, voice inputs, browsing history, and behavioral profiles — which is used for advertising, product improvement, and AI model training, creating significant privacy implications for everyday users. Data is shared with third-party advertising partners and affiliates, meaning information generated in one Microsoft product may influence experiences across unrelated services. You can review and manage your privacy settings, including ad personalization and data sharing preferences, by visiting account.microsoft.com/privacy.
What you can do
⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
Export Your Data
Log in to your Microsoft account, go to the Privacy Dashboard, select 'Ad settings', and toggle off 'Interest-based advertising' to opt out of behavioral ad targeting.
Applicable agencies
Federal Trade Commission (ftc)
Oversees unfair or deceptive business practices and can investigate companies that mislead consumers about data collection, sharing, or use.
Who can file: Anyone affected by the company's practices (US or international)
What you need: Your account details, a timeline of relevant events, and a description of the specific issue
What to expect: Complaints inform FTC enforcement priorities and investigations but do not result in individual resolution or compensation
State AGs in California, New York, Texas, and other states can investigate violations of state consumer protection and privacy laws, including CCPA (California), SHIELD Act (New York), and equivalents.
Who can file: Residents of states with comprehensive privacy laws — primarily California, Virginia, Colorado, Connecticut, and Utah
What you need: Evidence of the violation, explanation of how your state rights were affected, and your account or contact information with the company
What to expect: Outcomes vary by state. May result in investigation, enforcement action, or requirement for the company to change practices. No direct individual compensation in most cases.
Search "[your state] attorney general consumer complaint" to find your state's direct complaint form