Xbox · Xbox Privacy Statement

Voice and Biometric Data Collection

High severity
Share 𝕏 Share in Share

What it is

Microsoft collects voice data when you use features like Cortana, dictation, or voice search, and may process this data to improve speech recognition systems.

Why it matters

Voice data is a particularly sensitive category of personal information, and its use to train AI speech models means recordings of your voice may be retained and analyzed beyond your immediate interaction.

Institutional analysis (Compliance & legal intelligence)

Voice and biometric data processing may trigger heightened obligations under GDPR Article 9 (special category data), Illinois BIPA, and other state biometric privacy laws; legal teams should assess whether Microsoft's consent mechanisms and retention practices satisfy these requirements.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Consumer impact

Microsoft collects a broad range of personal data across all its products and services — including location, voice inputs, browsing history, and behavioral profiles — which is used for advertising, product improvement, and AI model training, creating significant privacy implications for everyday users. Data is shared with third-party advertising partners and affiliates, meaning information generated in one Microsoft product may influence experiences across unrelated services. You can review and manage your privacy settings, including ad personalization and data sharing preferences, by visiting account.microsoft.com/privacy.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Go to account.microsoft.com/privacy, sign in, navigate to 'Voice activity' under your data history, and delete stored voice recordings.

Applicable agencies

  • Federal Trade Commission (ftc)
    Oversees unfair or deceptive business practices and can investigate companies that mislead consumers about data collection, sharing, or use.
    Who can file: Anyone affected by the company's practices (US or international)
    What you need: Your account details, a timeline of relevant events, and a description of the specific issue
    What to expect: Complaints inform FTC enforcement priorities and investigations but do not result in individual resolution or compensation
    File a complaint →
  • State Attorney General
    State AGs in California, New York, Texas, and other states can investigate violations of state consumer protection and privacy laws, including CCPA (California), SHIELD Act (New York), and equivalents.
    Who can file: Residents of states with comprehensive privacy laws — primarily California, Virginia, Colorado, Connecticut, and Utah
    What you need: Evidence of the violation, explanation of how your state rights were affected, and your account or contact information with the company
    What to expect: Outcomes vary by state. May result in investigation, enforcement action, or requirement for the company to change practices. No direct individual compensation in most cases.

    Search "[your state] attorney general consumer complaint" to find your state's direct complaint form

Provision details

Document information
Document
Xbox Privacy Statement
Entity
Xbox
Document last updated
March 24, 2026
Tracking information
First tracked
March 6, 2026
Last verified
March 9, 2026
Record ID
CA-P-00018008
Document ID
CA-D-00018
Evidence Provenance
Source URL
https://privacy.microsoft.com/en-us/privacystatement
Wayback Machine
View archived versions →
SHA-256
52913b753539c1a15a88aac7a7f05761302dc7c3b0bcacc118ba86e035d7d996
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Xbox | Document: Xbox Privacy Statement | Record: CA-P-00018008
Captured: 2026-03-06 20:33:20 UTC | SHA-256: 52913b753539c1a1…
URL: https://conductatlas.com/platform/xbox/xbox-privacy-statement/voice-and-biometric-data-collection/
Accessed: April 4, 2026
Classification
Severity
High
Categories
Surveillance Privacy Consent Data sharing

Other provisions in this document