Microsoft Privacy Report
At Microsoft, we value, protect, and defend your privacy. Our approach is built on our long-standing privacy principles of user control, transparency, security, defending data, and using personal data in ways that provide meaningful benefit to you.
We are committed to protecting privacy by providing products, information, and controls that allow you to choose how your data is collected and used. From products built with privacy by design to transparent information and user controls, our goal is to empower you to make informed choices about your data.
The Microsoft Privacy Report is part of our commitment to privacy and transparency. It is published to provide the latest information on what personal data we collect, how it may be used, and how you can manage and control your information.
Driving AI innovation while protecting privacy
Microsoft remains committed to advancing AI responsibly while safeguarding privacy and other fundamental rights. We provide transparency, choice, and easy to use tools to help our customers control their data and will continue to adapt to the evolving privacy landscape to serve our customers and the industry.
At Microsoft, we believe protecting privacy is fundamental to the development of advanced technologies, like the latest generative AI systems. We have a principles-based Reponsible AI governance structure and dedicated employees across multiple disciplines who ensure our AI solutions align with our privacy commitments, regulatory obligations and meet societal and customer expectations.
As our customers expand their use of this technology, we will continue to develop solutions that promote safe, secure, and transparent AI. A core aspect of our effort is our adherence to our Responsible AI Standard, which outlines specific requirements for how we develop and deploy AI systems. The standard guides our internal teams by transforming our AI principles – of fairness, reliability, safety, privacy, security, inclusiveness, transparency, and accountability – to concrete engineering practices.
As part of our commitment to transparency, we describe the personal data we collect, how we use this data, and how we share this data in the Microsoft Privacy Statement. Our customers can easily find a summary of recent updates in our Change History.
Microsoft has integrated Copilot, your AI companion, into many products and services. This integration aligns to our critical security, compliance, and privacy policies. To help people understand the capabilities of these new AI solutions and ensure transparency in our approach, Microsoft has published a variety of resources. Customers can find more information about Microsoft Copilot in our documentation, adoption resources, and new Copilot Lab resource page, and through the Copilot Learning Hub. Other resources can be found through our Azure OpenAI Service page and corresponding documentation, quickstarts and API reference guides.
We have been at the forefront of cutting-edge research in AI and will continue to integrate powerful, innovative AI technologies into our products and services to help customers do more while protecting their privacy and preserving their trust.
Recent updates in AI innovation and privacy at Microsoft:
- In October 2024, we announced our refreshed Copilot—focused on delivering a more intuitive design with more digestible, speedy and fluent answers. Safety and security continue to be our top priority – and we keep privacy and responsibility at the center of everything we do.
- In September 2024, we announced new product capabilities to enhance the security, safety, and privacy of AI systems, including updates to Microsoft Defender, Purview, and Azure AI Content Safety.
- In August 2024, we announced that we will start using consumer interactions with Copilot, Bing, and Microsoft Start (MSN) (including interactions with advertisements) to help train generative AI models in Copilot and make it simple for consumers to opt out.
- In June 2024, we released a new whitepaper titled "GDPR & Generative AI – A Guide for Customers" to help guide customers subject to GDPR who want to understand and harness the full potential of Microsoft’s generative AI solutions. We also released a version for Public Sector customers in April 2024: GDPR & Generative AI: A Guide for the Public Sector.
- In December 2023 and March 2024, we published resources about our approach to privacy and AI for our consumer and commercial and public sector customers.
Helping consumers control their data
We provide tools to help you control your personal data and manage your interactions with Microsoft products and services. The Microsoft privacy dashboard allows you to view, delete, and manage your privacy settings and data collected while signed into your Microsoft account. This includes data from Bing searches, Copilot in Bing, Microsoft Edge browsing, location history, and the use of Microsoft apps and services. For Copilot in Bing, this includes the ability to view, export, and delete stored conversation history. Family organizers can view and manage the activity data for connected child accounts from the privacy dashboard. The privacy dashboard has an average of 3.5 million monthly users, demonstrating active engagement and use globally.
We believe it is important to supplement privacy tools like the dashboard with educational resources, particularly for young people as they learn to navigate the online world. For our young users, Microsoft offers an immersive game-based learning adventure, Privacy Prodigy, for students aged 7-18. In this Minecraft game, players learn to protect their data as they encounter scenarios that teach them about personal information sharing and privacy. Privacy prodigy is available at no cost in our Minecraft Education portal and in the Minecraft Marketplace. To further support our young users, we provide resources including our Xbox Data Collection for kids page, Xbox Transparency Report, and Privacy for young people. To support families and their privacy, we have developed the Family Safety Toolkit, the Xbox Family Settings app, and Microsoft Family Safety resources.
Privacy for commercial and public sector customers
For our commercial and public sector customers, Microsoft has a variety of enterprise-grade solutions and services that help our customers control, protect, and defend their data in any jurisdiction in which we operate. For example, with the EU Data Boundary, Microsoft provides enhanced residency capabilities for processing and storing commercial and public sector customers’ personal data within the European Union.
With the Microsoft Purview and Microsoft Priva offerings, organizations can understand and govern their data estates and sensitive information. With Microsoft Purview, organizations can secure and govern their data to reduce risk and meet compliance obligations. Microsoft Priva complements Purview by providing advanced automation capabilities to help organizations streamline their privacy management processes and standardize compliance.
And with Microsoft Entra, organizations can manage user identities and control access to their applications, data and resources.
Recent updates in privacy tools and resources for organizations:
- In September 2024, we shared the key benefits of Microsoft Entra Private Access, following the general availability of the Microsoft Entra Suite in July 2024. Microsoft Entra Private Access is a core component of our Security Service Edge (SSE) solution.
- In July 2024, we announced the integration of Microsoft Purview with ChatGPT Enterprise Compliance API. This integration allows organizations to gain visibility into the prompts and responses from ChatGPT Enterprise.
Privacy by design. Understanding required and optional data.
For each core online service offered to enterprise and public sector customers, we provide our customers with transparency around how we use diagnostic data through a system that identifies when the personal data is used for purposes that are Required or Optional. Required data helps us keep our products secure and up to date. It also helps us fix any problems with how they work. Optional data lets us improve our products with extra features or analysis. Our customers can choose whether to share optional data with us.
We are committed to being transparent about the data we collect, how we use it, and the choices that are available to our customers. We regularly publish and update summaries for each of our core online services to help our customers understand how their data is used and to make informed choices.
Privacy in a changing world
Microsoft has long supported comprehensive privacy legislation and is committed to helping develop durable global solutions. New technology, including Generative AI, has been a transformative force over the past year and, as a result, we have also seen major shifts in the regulatory landscape, particularly in Europe, with new laws like the EU AI Act. In the U.S., there is accelerated enforcement and new laws at the state level. And existing frameworks such as the General Data Protection Regulation influence data protection standards across the globe even as they evolve based on regulatory and court decisions.
The near constant regulatory changes in the global landscape require a thoughtful and collaborative approach. At Microsoft, we work constructively with regulators, lawmakers, NGOs, and other stakeholders at both the federal and state level in the United States and internationally to advance meaningful data protection and privacy regulation.
Our products and services already comply with global regulations, and we are committed to swiftly adapting to changing regulations on behalf of our customers. We advocate for strong, comprehensive, and interoperable privacy and data protection laws worldwide and provide regular notices to our customers and employees.
Learn more about Microsoft reports
Microsoft remains committed to ongoing engagement and improvement as we navigate this new era of innovation and regulation. Guided by our principles and mature data governance model, we strive to protect privacy and ensure responsible data stewardship both within and outside the company. We will continue to share learnings to help our customers. In addition to this Privacy Report, our Reports Hub provides a comprehensive overview of our initiatives to foster digital trust. Here, we regularly publish reports, including metrics on how Microsoft responds to government and law enforcement requests for user data and content removal. In October 2023, the Bing EU Digital Services Act Report was added. And in May 2024, our Responsible AI Transparency Report was added to the Reports Hub, where we publish these other reports:
Tell us how we are doing!
Contact the Microsoft privacy team with your feedback about this Privacy Report.