Microsoft may transfer your personal data to countries outside your own, including the United States, where data protection laws may differ from those in your home country.
If you are in the EU, UK, or another jurisdiction with strong privacy laws, your data may be processed in countries with fewer legal protections unless specific transfer safeguards are in place.
Cross-border transfers engage GDPR Chapter V requirements (SCCs, adequacy decisions), UK IDTA mechanisms, and Schrems II compliance obligations; enterprise customers should ensure Microsoft's Data Processing Addendum reflects current transfer mechanisms and that supplementary measures are assessed for high-risk transfers.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Microsoft collects an extensive range of personal data β including location, voice, typed content, browsing history, and device diagnostics β across all its products and may combine this data for advertising, product improvement, and AI model training. Consumers' personal data may be shared with third-party advertisers, affiliates, and service providers, and inferred data about interests and behaviour is generated even from passive use. You can review and manage your privacy settings, including ad personalisation and data collection preferences, at https://account.microsoft.com/privacy.