Change History for Microsoft Privacy Statement

September 2017

  • In Where We Store and Process Personal Data, we provided more information about Microsoft’s compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.

August 2017

  • We updated the preamble to reflect the broad scope of the privacy statement.
  • We changed the navigation of the product-specific details to make this information easier to find.
  • In Personal Data We Collect, we provided more examples of data we collect from developers and enterprise customers and made edits to better describe data we collect.
  • Under How We Use Personal Data, we made changes to improve transparency on how we use the data we collect. We updated the section on advertising to better describe our advertising practices.
  • In How to Access & Control Your Personal Data, we added information about how Volume Licensing customers can control their data. We also noted customers can opt out of interest-based advertising from third parties by visiting the third parties’ respective websites.
  • We updated Cookies & Similar Technologies to provide greater transparency on our use of cookies and similar technologies.
  • We added a section called Notice to End Users to provide individuals who gain access to Microsoft products through their organization, such as an employer or school, more information about how their data is processed.
  • In Where We Store and Process Personal Data, we listed additional countries where Microsoft operates data centers.
  • The European Privacy Rights section now only appears in certain European versions of the privacy statement.
  • In Cortana, we made changes to better describe how Cortana works. We also provided more information about how information is processed when Cortana uses a Connected Service or third-party skill.
  • We updated the Skype section to better describe how certain features work.
  • Under Windows we edited the name of certain features and functionality.
  • We edited Enterprise and Developer Products to better describe these products and increase transparency on our use of data related to these products. We also updated the name of Dynamics 365.
  • In some language versions, we made edits for grammar and clarity.

June 2017

  • We made a small update to the language in Privacy Shield to highlight that Microsoft participates in both the EU-U.S. and the Swiss-EU Privacy Shield frameworks.

March 2017

  • We updated Personal Data We Collect to provide customers with more transparency about the types of third parties that provide us with personal data. Additionally, we made edits to better describe the types of data we collect.
  • Under How We Use Personal Data, we clarified to customers how we use information about their activities, interests, and location to deliver personalized experiences.
  • In How to Access & Control Your Personal Data, we added information about the new Microsoft privacy dashboard, where customers can access and manage personal data collected from various Microsoft services. We added details about where users can delete their personal data on other Microsoft properties.
  • We added AppsFlyer to the list of analytics providers in Cookies & Similar Technologies.
  • We updated Microsoft Account to provide customers with information about how our new payment features work.
  • We added a new section called European Privacy Rights to inform customers in the European Economic Area of their data protection rights.
  • In Where We Store and Process Personal Data we provided customers with more information about where Microsoft processes data. We specified where Microsoft operates major data centers and explained how we determine where we process data. Additionally, we provided more transparency about transfers of personal data from the European Economic Area, including the legal basis for such transfers and how we protect customers’ rights when the data travels. We set forth our commitment to the EU-U.S. and the Swiss-U.S. Privacy Shield frameworks and direct customers on how they can exercise their Privacy Shield rights.
  • As we seek to be more transparent about how long we keep personal data, we set forth criteria we use to determine retention periods in Our Retention of Personal Data.
  • Under Bing, we provided more clarity to customers about how to turn off Search Suggestions, pointed customers to new capabilities to manage their data, and added details about how search query data is used for research and development purposes.
  • In Cortana, we added information to describe how new features work. We explained variations of Cortana on different operating systems and how Cortana interacts with other services. Additionally, we provided more information about how we use location information and moved information about Cortana’s use of information from Microsoft Edge up from the Windows section.
  • In Health Services, we made edits for clarity and to account for new applications in this product area.
  • We updated MSN to better clarify the type of data collected to provide customers with relevant content.
  • In Office we edited the structure of one sentence to make it more clear.
  • Under Windows we made a number of changes to improve transparency, to describe changes to certain functionality or new capabilities, and to account for new privacy measures we implemented, including:
    • Under Advertising ID, we explained how customers can control the use of this identifier and provided more clarity on how app developers and advertising networks use it.
    • We renamed Telemetry and Error Reporting to Diagnostics. In this section, we explained the two levels of diagnostic data, including the type of data collected for each level, depending on the customer’s setting. Additionally, we explained the new Tailored Experiences setting, which enables users to choose whether diagnostic data is used to personalize their experience.
    • We provided more clarity on the collection of location data in Windows location service.
    • In Recording, we described new capabilities and informed users of their potential legal responsibility related to the use of this feature.
    • In SmartScreen, we provided additional details about the data transmitted to Microsoft to help SmartScreen protect customers.
    • In Speech, Inking and Typing, we better described our speech recognition capabilities and provided more transparency about the data Microsoft collects to provide these and related services. Additionally, we explained to customers the controls available to manage this data.
    • Under Web Browsers we removed references to Page Prediction. The Page Prediction feature still exists in Microsoft browsers. However, browsing history to power the feature is now collected as part of Windows Diagnostics only from devices configured to return data at the Full level. We also moved disclosures about Cortana’s use of data from this section to the Cortana section.
    • We renamed Windows Wi-Fi Sense section to Wi-Fi Connecting to suggested open hotspots and edited this section to reflect changed branding and features.
    • We clarified Microsoft Wallet is an application only available for Windows Phone by renaming this section.
    • We added a section for Windows Media Player to describe how this feature works for versions of Windows where this application is available.
    • We edited Windows Search to describe how the feature can be used to search for items stored in other services.
  • In some language versions, we made edits for grammar.

February 2017

  • In Personal Data We Collect, we clarified additional details about the usage data we consider “Product use data.”

November 2016

  • In How We Use Personal Data, we updated Advertising to better clarify the use of your data by third parties to customize the ads you see.
  • In How to Access & Control Your Personal Data, we updated Your Communications Preferences, clarifying how to modify your preferences.
  • In Other Important Information, we updated the Where We Store and Process Personal Data section to reflect Microsoft’s participation in the EU-U.S. Privacy Shield program.
  • In Bing, we removed the Bing Rewards Program section, as Bing Rewards has been replaced by Microsoft Rewards.
  • We added a new Microsoft Cognitive Services section to explain how we collect and use data when developers use the services. We also clarified that Microsoft Cognitive Services are not Enterprise Products under this privacy statement.
  • We added a new Microsoft Translator section, to explain how Microsoft Translator, Collaborative Translations Framework, and Microsoft Translator Hub collect and use data.
  • In Windows, we revised the Telemetry & Error Reporting section to reflect that wireless network identifiers are collected at the optional “Enhanced” level of telemetry rather than at the “Basic” level.
  • We added a new captioning section in Xbox to explain how Microsoft incorporates a voice-to-text feature to provide captioning of in-game chat for users who need it.

September 2016

In Enterprise Products, we added links to privacy notices that still apply to certain enterprise offerings.


August 2016

  • In Personal Data We Collect, we added additional examples of when we collect data and the types of usage data we collect.
  • In How We Use Personal Data:
    • We clarified that we show ads in only some of our products, that we also deliver ads in third-party products, and that we partner with third-parties such as AOL and AppNexus to deliver ads. And we removed an outdated example of sharing data with a service provider to help with the delivery of ads.
    • We added additional examples of using data for product improvement purposes.
  • In Microsoft account:
    • We added text explaining the distinctions between a personal Microsoft account and a work or school account provided by your school or employer using Azure Active Directory.
    • We added an explanation that when you sign into a third-party product with your Microsoft account, and consent to share profile data, the third-party product can display your name or username and profile photo.
  • In Other Important Information, we updated the discussion of transferring data from the European Economic Area to specify our intent to adopt the forthcoming EU-U.S. Privacy Shield Principles.
  • In Cortana, we provided more examples of the types of data Cortana can access and use, described a new feature that allows for some functionality without being signed in, described new and enhanced user controls, and added descriptions (already provided to users in the product itself) of data sharing with third-party services that users can choose to connect with Cortana.
  • In Microsoft Health and Microsoft Band, we added more detail about the types of data these offerings collect and use, and removed some redundant text to simplify the section.
  • We added a new Outlook section (incorporating content previously in an Outlook.com section and an Outlook subsection of Office) to explain the distinctions between Outlook.com, Outlook applications, and related services, describe new cloud-based features, and describe how Outlook applications can be integrated with multiple accounts from third-party service providers.
  • In Skype, we added text explaining that this section applies only to the consumer version of Skype and not Skype for Business, describing how contacts are added to Skype from other Microsoft consumer services, and describing a new recording feature in some versions of Skype.
  • We added a new Store section, incorporating the content previously in a Windows Store subsection of Windows, and adding references to the Xbox Store and Office Store.
  • We added a new SwiftKey section to describe our recently acquired SwiftKey apps, incorporating the content from the previous SwiftKey privacy statement.
  • In Windows:
    • We expanded the description of Advertising ID to provide more details on its purpose and uses.
    • We renamed the "Input Personalization" section to Speech, Inking, and Typing and added additional examples of the data collected.
    • In Location Services, Motion Sensing, and Recording, we added descriptions of the new General location and Default location settings, and provided additional details of when location data is collected and retained by Microsoft.
    • We updated the Windows Defender section to explain new functionality that allows the use of Windows Defender to do periodic scanning even when there is another anti-malware service running.
    • We’ve revised the Telemetry & Error Reporting section to further clarify differences between Basic data, Enhanced data, and Full data.
    • We updated the Web Browsers: Microsoft Edge and Internet Explorer section to explain how to control Cortana’s access to your browsing history, and that enabling that feature will allow us to collect your Microsoft Edge search queries and full browsing history associated with your user ID to personalize your experience.
    • We revised the Wi-Fi Sense section to clarify that we are no longer offering functionality that will automatically connect to open Wi-Fi networks.
    • We added a section to Windows Apps describing the Mail and Calendar app, and updated the description of the Microsoft Wallet app to reflect to NFC functionality.
  • We added a new Enterprise Products section (replacing an Enterprise Services subsection of Other Important Information) to account for Microsoft products and related offerings offered or designed primarily for use by organizations and developers.
  • Throughout, we replaced the general term "services" with "products" to better reflect the full range of software, services, and devices Microsoft offers.
  • Throughout, we made several minor wording changes to improve clarity, or to address typos, grammar, or other similar issues.

January 2016

  • We simplified the introductory paragraph by removing a list of specific Microsoft services, referring instead to the list of services that appears later in the statement.
  • In Microsoft account, we added “display name” to the ways others can find and connect with you within Microsoft services.
  • In Other Important Privacy Information:
    • In Where We Store and Process Personal Data, we clarified that data may be stored in your region, and explained the ways data can be transferred from the European Economic Area to other countries.
    • We simplified How to Contact Us by removing the reference to Skype Software S.à.r.l.
  • In Skype, we made several edits to simplify and clarify language, remove redundancies, and explain that both Microsoft Corporation and Skype Communications S.à.r.l. are data controllers for Skype.
  • In Windows:
    • We added to Sync Settings, to clarify that the Windows sync settings apply to Internet Explorer browser history, and that some apps have their own separate sync controls.
    • We rewrote much of Telemetry & Error Reporting to clarify the different levels of telemetry, what types of data are included in each, the effect of the available user controls, and the limited sharing of error report information to partners (such as OEMs) to help them troubleshoot products and services which work with Windows and other Microsoft product and services.
    • We clarified Web Browsers to show the differences between sync functions and controls on Internet Explorer and Microsoft Edge.
  • Throughout, we made several minor wording changes to improve clarity, or to address typos, grammar, or other similar issues.

October 2015

  • We added examples to Personal Data We Collect to clarify when we need to collect content of files and communications so that we can provide our services to you.
  • We added examples to How We Use Personal Data about customer support and product activation, to further explain how we use your data to provide and improve our services.
  • In Reasons We Share Personal Data, we clarified that “private communications and documents in private folders” refers to content in cloud services, like Outlook.com and OneDrive, and not content stored on a person’s local device. We also added a link to our Law Enforcement Transparency Report.
  • In Cookies and Other Technologies, we added Kissmetrics and Webtrends to the list of data analytics service providers we use.
  • We clarified the difference between a personal Microsoft account and a work or school account provided to you by your organization.
  • In Other Important Privacy Information, we added Enterprise Services to clarify that if you have a work or school account, the owner of the domain associated with your email address may control and administer your account under its own policies, which may differ from ours.
  • In Bing, we updated “Autosuggest” to “Search Suggestions” and added information about how to opt out of Bing Rewards.
  • In Cortana, we added “Communications History” to the list of features.
  • We added Groove Music/Movies & TV, which replaces Xbox Music and Video to reflect the new branding of those services.
  • We added Microsoft Health Services, to incorporate information previously provided in separate privacy statements about Microsoft Band devices, Microsoft Health apps, HealthVault, and other related services.
  • We simplified Office, by moving the pertinent information from the old Excel subsection into Search services.
  • In Outlook, we deleted Social inbox.
  • In Skype, we added information about Translation feature.
  • In Windows, we added information about Recording.
  • In Xbox, we changed Voice chat to Communications monitoring. We also clarified that the Xbox Code of Conduct has been replaced with the Microsoft Code of Conduct.
  • Throughout, we made several minor wording changes to improve clarity, or to address typos, grammar, or other similar issues.

July 2015

We published a new Microsoft Privacy Statement that brought together many separate privacy statements into a single statement covering most of Microsoft’s consumer services. This restructuring of Microsoft’s privacy disclosures was designed to eliminate redundancies, improve usability, and increase clarity and transparency. We added some new elements, for example, to reflect new features of Windows 10, but the new statement did not represent a change in policy or practice for Microsoft.