Woman  spectacles laptop.

At Microsoft, we value, protect, and defend your privacy. Our approach is built on our privacy principles of user control, transparency, security, defending data from third party access, and using personal data in ways that provide meaningful benefit to you.

We are committed to protecting privacy by providing products, information, and controls that allow you to choose how your data is collected and used. From products built with privacy by design to transparent information and user controls, our goal is to empower our customers to make informed choices about their data.

As part of our commitment to privacy and transparency, the Microsoft Privacy Report is published to share the latest information on what personal data we collect, how it may be used, and how you can manage and control this information. The report also summarizes key developments and trends in global privacy and how they could impact Microsoft, our customers, and the global regulatory environment.

Driving AI innovation while protecting privacy

Microsoft will remain committed to driving responsible AI innovation while protecting privacy and other fundamental rights, developing tools for the use and control of data, providing transparency and choice, and responding to the changing privacy landscape in service of our customers and the industry overall.

Across the globe, we continue to see an acceleration of data protection and privacy regulation along with rapid advances in new kinds of technologies that leverage data. Our customers continue to be interested in the latest developments in advanced AI systems and solutions that meet their unique data use and governance needs.

At Microsoft, we believe AI is the defining technology of our time. Protecting privacy is a fundamental component of advanced AI systems. We have had a principles-based AI governance structure and system across the company since 2017, and today we have hundreds of employees throughout the company, from multiple disciplines, including research, policy, and engineering, who are working on ensuring that our AI solutions meet society’s expectations and our ethical principles.

As we make rapid advancements in AI, we will continue to develop our solutions in alignment with our ethical principles, corporate policies, and voluntary commitments to promote safe, secure, and transparent AI. A core aspect of our efforts is our adherence to our Responsible AI Standard, which outlines specific requirements for how we develop and deploy AI systems. The standard guides our internal teams by transforming our AI principles – of fairness, reliability and safety, privacy and security, inclusiveness, transparency, and accountability – into concrete engineering practices. As part of our commitment to transparency, Microsoft has updated the Microsoft Privacy Statement and has published The New Bing: Our approach to Responsible AI. Microsoft also publishes Transparency Notes for our other AI solutions, to help you understand how our platform AI technology works, the choices our customers can make that influence performance and behavior, and how we ensure that the solutions advance privacy protection.

In addition to our internal practices, Microsoft supports global regulatory initiatives to ensure that AI is developed and used in responsible, privacy protecting, and ethical ways. In the United States, Microsoft has confirmed support for the Voluntary AI Commitments from the White House and supports the legislative efforts and vision in Europe, the UK and other jurisdictions as they work to develop risk-based frameworks that ensure people can realize the promises of AI responsibly and in ways that respect fundamental rights.

We have been at the forefront of cutting-edge research in AI and integrating these powerful, innovative AI technologies into our products and services to help customers do more while preserving data privacy, transparency, and trust. Microsoft AI, powered by Azure, provides billions of intelligent experiences every day in Windows, Xbox, Microsoft 365, Teams, Azure AI, Power Platform, Dynamics 365 and Microsoft Defender.

Privacy tools and resources. Learn how to control your data.

We provide tools to help you control your personal data and manage your interactions with Microsoft products and services. With the Microsoft privacy dashboard, you can view, delete, and manage your privacy settings and data collected while signed into your Microsoft account. Data that appears on the dashboard includes data from your Bing searches, Microsoft Edge browsing, location history, and use of Microsoft apps and services. Recently, we made it easier for family organizers to view and manage the activity data for connected child accounts from the privacy dashboard. For data that is collected by the new Bing, including through user queries and prompts, the Microsoft privacy dashboard provides authenticated (signed in) users with tools to exercise their data subject rights, including by providing users with the ability to view, export, and delete stored conversation history. We continue to take feedback on how users want to manage their new Bing experience, including through in-context data management experiences. Each month, the privacy dashboard has up to 3.2 million monthly active users, showing active engagement and use globally.

During the report period from January 1 through June 30, 2023, 14,727,893 users (more than the population of Belgium) visited the Microsoft privacy dashboard to interact with their data. This represents a 21% increase since our last report. The chart below shows the top 20 countries during that period where privacy dashboard users deleted their data and exported their data, as we honor data subject rights around the globe.

Top 20 countries where users deleted their data using the privacy dashboard.

Top 20 countries where users exported their data using the privacy dashboard.

#1 - United States#1 - United States
#2 - Japan#2 - Canada
#3 - United Kingdom#3 - Australia
#4 - China#4 - United Kingdom
#5 - Germany#5 - Mexico
#6 - Canada#6 - Germany
#7 - France#7 - Brazil
#8 - India#8 - China
#9 - Australia#9 - France
#10 - Brazil#10 - India
#11 - Italy#11 - Saudi Arabia
#12 - Korea#12 - Spain
#13 - Spain#13 - Japan
#14 - Netherlands#14 - Poland
#15 - Mexico#15 - Türkiye
#16 - Belgium#16 - South Africa
#17 - Poland#17 - Argentina
#18 - China#18 - Sweden
#19 - Sweden#19 - New Zealand
#20 - Türkiye#20 - Netherlands

In addition to the controls available on the privacy dashboard, the Microsoft privacy support team provides direct assistance to customers around the world who have questions about their personal data. In the last six months, the privacy team assisted more than 3,700 individuals and organizations from 113 countries with their privacy requests and concerns submitted through our privacy support form.

For our young users, Microsoft recently released an immersive game-based learning adventure, Privacy Prodigy, for students aged 7-18. In this Minecraft game, players take on the challenge of protecting their data as they venture further from home, encountering scenarios that help them learn about the personal information that can be shared and what should be kept private. We believe it is important to supplement privacy tools like the dashboard with educational resources, particularly for young people as they learn to navigate the online world. Privacy prodigy is available for free in our Minecraft Education portal and in the Minecraft Marketplace.

For our commercial and public sector customers, Microsoft has a variety of enterprise-grade solutions and services that help our customers control, protect, and defend their data. For example, with the EU Data Boundary, Microsoft provides enhanced residency capabilities for processing and storing commercial and public sector customers’ personal data within the European Union.

With the Microsoft Purview and Priva offerings, organizations can understand and govern their data estates and sensitive information. New capabilities in Purview include Adaptive Protection, a capability that uses machine learning to understand how users are interacting with data and assign risk levels. Microsoft Purview can then adapt by adjusting Data Loss Prevention (DLP) controls in response to a detected risk. Microsoft Priva is an advanced solution complementing Purview, tailored for effective data estate governance and handling of sensitive information using advanced automation capabilities.

Microsoft Entra is a cloud-based service that provides identity, data, and collaboration solutions for enterprises and organizations. Microsoft has recently introduced a range of new security tools and features for the Microsoft Entra product family, aimed at helping organizations improve their security and data protection posture. With the ever-increasing sophistication of cyber-attacks, the increasing use of cloud-based services, and the proliferation of mobile devices, it is essential that organizations have effective tools in place to manage their security scope.

Privacy by design. Understanding required and optional data.

For each of our core online services, we provide our customers with transparency around how we use data through a system that identifies when the personal data is used for purposes that are Required or Optional. Required data helps us keep our products secure and up to date. It also helps us fix any problems with how they work. Optional data lets us improve our products with extra features or analysis. Our customers can choose whether to share optional data with us.

We are transparent about our approach to what data we collect, how we use it, and the choices that our customers can make. We publish and update summaries for each of our core online services to help our customers understand how their data is used and to make informed choices.

Privacy in a changing world

Microsoft has long supported comprehensive privacy legislation and is committed to helping develop durable global solutions. We continue to work constructively with regulators, lawmakers, NGOs, and others at the federal and state level in the United States and around the globe to advance meaningful data protection and privacy regulation. Microsoft products and services already comply with global regulations, and we are committed to continuing to move quickly to adapt to changing regulations on behalf of our customers. We support strong, comprehensive, and interoperable laws globally.

As privacy and data protection laws advance, norms and requirements evolve across the globe; Microsoft will adapt to ensure our products and services continue to be compliant and to provide assurances and support for our customers. Over the past year, there has been significant momentum in state-level privacy laws in the U.S. and new regulations, decrees, and case law in the European Union, India, Japan, South Korea, Vietnam, and other jurisdictions that, in some cases, may change requirements for organizations like Microsoft.

The trusted cross-border flow of data continues to be a priority issue for governments and organizations. Microsoft was one of the first U.S. organizations to be certified against the EU-US Data Privacy Framework (DPF), a mechanism that enables the transfer of personal data from the European Union to the United States in compliance with EU law. We have committed to meeting or exceeding all the requirements of the EU-U.S. Data Privacy Framework, the UK Extension of the EU-U.S. DPF, and the Swiss-U.S. DPF, including updating our notices to our customers and employees.

In the United States, as of the date of this report there are more than a dozen states with comprehensive privacy laws that set out holistic approaches to protecting the privacy of consumers’ personal data. Globally, comprehensive privacy laws continue to be adopted, including India’s Digital Personal Data Protection Act, which we believe offers strong protections to personal data while enabling innovation and digital development in the region. We are also seeing lawmakers consider new policies that better protect sensitive data.

At Microsoft, privacy and safety go hand in hand. Among the major developments globally is the European Union’s Digital Services Act (DSA) – a far reaching piece of legislation designed to keep users safe online. Microsoft has made a number of updates to its services in support of the compliance requirements for the DSA. To learn more about Microsoft’s approach to Digital Safety, please visit: https://www.microsoft.com/DigitalSafety.

Learn more about Microsoft reports

Microsoft remains committed to ongoing engagement and improvement as we continue to navigate this new era of innovation and regulation. We will continue to be guided by our principles and mature data governance model inside and outside the company. We will also continue to share learnings to help our customers in their efforts to protect privacy and ensure the responsible stewardship of data. In addition to this Privacy Report, we offer a comprehensive overview of our efforts to nurture digital trust in our Reports Hub. Microsoft publishes regular reports, including metrics on how Microsoft responds to government and law enforcement requests for user data and content removal. In October 2023, the Bing EU Digital Services Act Report was added to the Reports Hub, where we publish these other reports:

Tell us how we are doing!

Contact the Microsoft privacy team with your feedback about this Privacy Report.