Introduction

At Microsoft, we value, protect, and defend privacy. We live up to our commitment to protect your privacy by providing products, information, and controls that enable our customers to choose how their personal data is collected and used. We publish this Microsoft Privacy Report twice a year, providing you with the latest information on what personal data we collect, how it may be used, and how customers can manage and control their data. This report also summarizes important new developments in privacy at Microsoft since October 2021.

Since then, we’ve seen the continuation of several trends in privacy and data protection. These included the desire of both individuals and organizations for greater control over their data; a surge in the development of comprehensive privacy laws in jurisdictions around the world; and increasing calls by governments and businesses to keep personal data resident in their jurisdictions.

In response, Microsoft has continued to refine options for customers to manage and control their data; released Microsoft Priva, joining our Azure Purview solution, to help organizations manage their data and data subject requests; announced and opened new datacenters in more countries; and continued our support for strong, comprehensive, interoperable privacy laws.

Empowering our customers to control their data through transparency and tools

We believe in transparency in our data collection practices, so that people and organizations have visibility into our data collection processes, with options to control their data and have meaningful choices in how it is used.

Tools for controlling data

We give our customers control over their data through the Microsoft privacy dashboard. There, individuals can view and delete their data and manage their privacy settings. Data that appears on the dashboard can include data related to Bing searches, Microsoft Edge browsing, and app activities such as location and media history. In 2021, our customers used the privacy dashboard to an unprecedented degree—over 26 million people worldwide relied on it to understand more about the personal data we collect and to exert their control over it. See Appendix for detailed figures by country.

World map with top 20 markets for Microsoft privacy dashboard users. Visit Appendix section for details.

The Microsoft privacy dashboard had over 26 million users in 2021


In addition to the controls available on the privacy dashboard, a Microsoft privacy team provides direct support to customers around the world who have questions about their personal data. In 2021, the privacy team assisted 9,000 individuals and organizations from over 200 countries with their privacy inquiries and requests submitted through our privacy support form.

In 2021, we released Microsoft Priva, our first product specifically designed to address privacy issues for large organizations. Priva has management systems that help organizations address two key privacy issues:

  • Priva Privacy Risk Management gives business customers and their employees visibility into the risks associated with personal data in Microsoft 365 environments.
  • Priva Subject Rights Requests enables business customers to respond to and manage data subject rights requests more efficiently by automatically finding a subject’s personal data and then providing built-in review and redaction capabilities.

Microsoft Priva is designed to be interoperable with our customers’ data management systems, including those provided by other trusted vendors. Microsoft Priva follows the September 2021 general availability of Azure Purview, Microsoft’s unified data governance solution that helps enterprise customers manage and govern on-premises, multicloud, and software-as-a-service (SaaS) data.

Transparency and choice

To give our customers further control over their data, we classify the data we collect from customers in our major products and services as either required or optional. Required data includes diagnostic or service data that we use for security patches and to help detect functionality issues with our products and services. It is necessary to keep our products up to date, secure, and working as expected. Optional data is data that we use to improve the performance of our products and services, which customers can decide whether to share with Microsoft.

To be transparent with our customers about how we collect and use required and optional data, Microsoft publishes and regularly updates summaries for each of our major online services. These summaries also guide our customers on how they can make informed choices by changing their privacy settings to customize the data they share with Microsoft.

Below you’ll find detailed information about the data collection practices of our major services, which are updated as often as necessary to reflect new service improvements:

Growth in global datacenters and robust data residency solutions

We’ve heard from our public and private sector customers that they want more local options to control their data. In response, we announced or opened new datacenters in several countries. Since our October 2021 report, we announced our first datacenters in Belgium and Finland, and opened additional datacenter campuses in India, Korea, South Africa, and Sweden. These were in addition to new datacenters planned or developed in 2021 in Brazil, Germany, Indonesia, Malaysia, Norway, and the United States. With more than 200 datacenters around the world—the largest datacenter footprint of any cloud provider—Microsoft offers customers unmatched benefits for data residency, including latency optimization and regional compliance.

In May 2021, Microsoft announced the EU Data Boundary, a new initiative for our commercial and public sector customers in the European Union. The EU Data Boundary will go beyond our existing data residency commitments for data storage by enabling customers to compute and store their customer and personal data in the EU. This initiative covers all our major cloud services: Microsoft Azure, Microsoft 365, Microsoft Dynamics 365, and Microsoft Power Platform.

In March 2022, we were pleased by the announcement of the new Trans-Atlantic Data Privacy Framework, which is designed to rebuild and strengthen the data protection bridge between the EU and the United States. It does so by addressing the concerns of the Court of Justice of the European Union when it invalidated the original Privacy Shield framework in 2020. We will meet or exceed all the requirements this framework outlines for companies. In June 2021, we also welcomed the additional clarity from the European Commission with its new template for Standard Contractual Clauses (SCC) that can be used to lawfully transfer personal data outside the EU. Microsoft implemented the new SCC in September 2021, so our customers can continue to rely on our services for compliant data transfers from the EU.

Support for comprehensive, interoperable privacy laws

Privacy and data protection regulations are increasing rapidly around the world. Within the next year, it is estimated that more than 75% of the world’s population will be covered under modern privacy laws and that percentage is only expected to grow.

In our support of these laws, we were the first cloud provider to work with European data protection authorities for approval of our EU model clauses; the first to adopt new technical standards for cloud privacy; the first to extend the core rights under the GDPR to all our customers around the world; and the first to extend the core rights of the California Consumer Privacy Act to all our customers in the United States.

As part of our long support of comprehensive privacy legislation, we continue to work constructively with regulators and lawmakers around the globe to advance meaningful data protection and privacy regulation.

Related transparency reports

We continue to strive toward building and maintaining trust in technology, and we know that transparency is a key component of that trust. This Microsoft Privacy Report describing our privacy practices, user choices, and products appears in The Microsoft Report Hub, which offers a comprehensive overview of all our efforts to nurture digital trust by respecting human rights, promoting diversity and inclusiveness, and contributing to sustainable development.

We also publish digital trust reports that describe how Microsoft responds to government and law enforcement requests for user data and for content moderation, and the steps we take to keep our customers safe:


Tell us how we are doing! Contact the Microsoft privacy team with your feedback about the Microsoft Privacy Report.

Appendix

Microsoft’s global commitment to data subject rights enables millions of people to control their data. In 2021, the Microsoft privacy dashboard had 26,583,308 users. The chart below lists the 20 countries with the most privacy dashboard users.

Microsoft Privacy Dashboard Top 20 Markets for User Access in 2021

Country (IP Based)

Privacy Users

#1 - United States7,488,874
#2 - Japan2,019,143
#3 - United Kingdom1,506,241
#4 - China1,105,330
#5 - Brazil1,104,405
#6 - Germany956,893
#7 - France921,967
#8 - Canada904,642
#9 - India810,103
#10 - Mexico738,372
#11 - Korea582,024
#12 - Australia576,293
#13 - Spain451,366
#14 - Italy399,904
#15 - Netherlands398,383
#16 - Colombia334,866
#17 - Poland300,819
#18 - Turkey287,161
#19 - Saudi Arabia242,468
#20 - Argentina238,268