Microsoft combines data collected across different products and services — such as Bing searches, Windows activity, and Xbox usage — to build a profile of your interests and serve you targeted advertisements.
Data from completely different parts of your digital life is merged to target you with ads, which means your activity in one Microsoft product can influence what you see in others, with limited transparency into how this profile is built.
Cross-context behavioural advertising using combined data sets engages GDPR Article 6(1)(a) consent requirements, CCPA/CPRA opt-out rights for sharing personal information for cross-context advertising, and FTC guidance on data broker-style profiling; compliance teams should assess whether data minimisation and purpose limitation obligations are met.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Microsoft collects an extensive range of personal data — including location, voice, typed content, browsing history, and device diagnostics — across all its products and may combine this data for advertising, product improvement, and AI model training. Consumers' personal data may be shared with third-party advertisers, affiliates, and service providers, and inferred data about interests and behaviour is generated even from passive use. You can review and manage your privacy settings, including ad personalisation and data collection preferences, at https://account.microsoft.com/privacy.