Microsoft shares your personal data with affiliates, subsidiaries, vendors, advertisers, and other third parties for purposes including service delivery, advertising, and legal compliance.
Your data does not stay solely with Microsoft — it flows to a wide ecosystem of partners and vendors, which expands the number of organisations that may process your personal information.
Third-party data sharing arrangements require controller-to-processor or controller-to-controller agreements under GDPR Articles 26-28; compliance teams should review Microsoft's vendor and advertiser data sharing disclosures and ensure enterprise DPAs adequately restrict onward transfers and sub-processing.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Microsoft collects an extensive range of personal data — including location, voice, typed content, browsing history, and device diagnostics — across all its products and may combine this data for advertising, product improvement, and AI model training. Consumers' personal data may be shared with third-party advertisers, affiliates, and service providers, and inferred data about interests and behaviour is generated even from passive use. You can review and manage your privacy settings, including ad personalisation and data collection preferences, at https://account.microsoft.com/privacy.