Microsoft requires parental or guardian consent before collecting personal data from children under the applicable age of digital consent (13 in the US, higher in some countries), and offers family safety tools to manage children's accounts.
Children using Microsoft products like Xbox or Microsoft 365 Education may have their data collected and processed, and parents need to actively manage family accounts to ensure appropriate privacy protections are in place.
This provision directly engages COPPA compliance obligations for US users under 13, GDPR Article 8 consent requirements for minors in EU jurisdictions, and FERPA where Microsoft products are deployed in educational settings; organisations deploying Microsoft 365 Education must review data processing agreements for student data handling.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Microsoft collects an extensive range of personal data — including location, voice, typed content, browsing history, and device diagnostics — across all its products and may combine this data for advertising, product improvement, and AI model training. Consumers' personal data may be shared with third-party advertisers, affiliates, and service providers, and inferred data about interests and behaviour is generated even from passive use. You can review and manage your privacy settings, including ad personalisation and data collection preferences, at https://account.microsoft.com/privacy.