Microsoft Privacy Report - October 2022

At Microsoft, we value, protect, and defend privacy. We live up to our commitment to protect your privacy by providing products, information, and controls that enable you—our individual and organizational customers—to choose how personal data is collected and used. We publish this Microsoft Privacy Report twice a year to give you the latest information on what personal data we collect, how it may be used, and how both our consumer and our organizational customers can manage and control their data.

This report also summarizes important new developments in privacy at Microsoft since April 2022. Since then, we’ve seen continued interest from our consumer customers for tools to protect the security and privacy of their data, as well as increasing initiatives from governments and businesses to keep personal data in their jurisdictions and under their sovereign control.

In response, Microsoft has continued to release tools to help protect the data of our consumer customers, including Microsoft Defender for individuals. To help organizations meet their privacy and compliance requirements, we have released Microsoft Purview, our line of enterprise data governance and compliance solutions, and Microsoft Entra that unifies Microsoft identity and access capabilities. For our government customers, we announced the Microsoft Cloud for Sovereignty. And as part of our collaborative engagement on privacy with governments and other stakeholders, we released our European Cloud Principles and have strongly supported the new EU-U.S. Data Privacy Framework between the EU and the United States.

Empowering consumers to control their data

To be transparent, we give you visibility into our data collection processes, with options to control your data and have meaningful choices in how it is used.

Tools for protecting and controlling data

You can control your data using the Microsoft privacy dashboard. There, you can see and delete data and manage your privacy settings. Data that appears on the dashboard includes data from your Bing searches, Microsoft Edge browsing, location history, and use of Microsoft apps and services. From January to June of 2022, almost 13 million people worldwide used the privacy dashboard, relying on it to understand more about the personal data we collect and to exert their control over it. (See the Appendix for detailed figures of privacy dashboard usage by country.)

In addition to the controls available on the privacy dashboard, the Microsoft privacy support team provides direct support to customers around the world who have questions about their personal data. From January to June 2022, the privacy team assisted 4,000 individuals and organizations from 120 countries with their privacy requests and concerns submitted through our privacy support form.

In June 2022, we launched Microsoft Defender for individuals, a new online security application (available as a separate download) for Microsoft 365 Personal and Family subscribers. Microsoft Defender for individuals provides continuous anti-phishing and antivirus protection, for you, your family, and your devices, managed from a single dashboard. In early October 2022, we released identity theft monitoring in the United States to help keep your personal data safer online with identity monitoring, risk alerts, expert guidance, and personal restoration support. The app protection also extends to security alerts and recommended actions to further protect the security of your data and devices.

Providing transparency and choice

We classify the data we collect from customers in our major products and services as either required or optional. Required data includes diagnostic or service data that we use for security patches and to help detect functionality issues with our products and services. It is necessary to keep our products up to date, secure, and working as expected. Optional data is data that we use to improve the performance of our products and services, which customers can decide whether to share with Microsoft.

To be transparent with our customers about how we collect and use required and optional data, Microsoft publishes and regularly updates summaries for each of our major online services. These summaries also help our customers make informed choices about the data they share with Microsoft through changes to their privacy settings.

• Data collection summary for Dynamics 365
• Data collection summary for Office
• Data collection summary for Teams
• Data collection summary for Windows
• Data collection summary for Xbox

Empowering business and government customers to protect their data

Organizations today run on trust, and foundational to that trust is keeping data private and secure. In addition to our robust set of privacy policies, Microsoft offers an ever-expanding set of technologies to help organizations meet their privacy and compliance requirements. During 2022, we announced or released several critical services, along with important guidance:

• In April 2022, we announced Microsoft Purview, a product family of enterprise data governance and compliance solutions. Microsoft Purview helps organizations govern, protect, and manage data across their entire estate, including both Microsoft and non-Microsoft environments. Microsoft Purview includes solutions that include: Information Protection, Data Loss Prevention, Insider Risk Management, eDiscovery, and Compliance Manager.
• In May 2022, we announced Microsoft Entra, our new product family that encompasses all of Microsoft’s identity and access capabilities. The solutions in Microsoft Entra help protect the privacy of our customer’s data by securing identities and their access to sensitive assets. This includes identity verification and management of privileges and rights across platforms (entitlement management). The Microsoft Entra family is Azure Active Directory (Azure AD), Microsoft Entra Identity Governance, Microsoft Entra Permissions Management, Microsoft Entra Workload Identities, and Microsoft Entra Verified ID.
• In June 2022, the Microsoft Office of Responsible AI published our Responsible AI Standard, a framework for how we develop and deploy AI systems responsibly. We released the standard and supporting materials such as Impact Assessment templates, to share what we have learned, invite feedback from others, and contribute to the discussion about building better norms and practices for AI. The standard helps internal teams turn our AI principles—fairness, reliability & safety, privacy & security, inclusiveness, transparency, and accountability—into practices. Our goal is to enable responsible innovation, empower others, and ensure AI can be used in a way that is fair, safe, and rights-respecting.
• In July 2022, we announced the Microsoft Cloud for Sovereignty (MCFS). MCFS is built on Azure public cloud regions, providing public sector customers a solution to build, move, and operate their data and workloads in the cloud while meeting their legal, security and policy requirements and accelerating their digital transformation journey and cloud adoption. Public sector customers can harness the full power of the cloud along with security, and greater transparency, auditability and control over their data.

Engaging collaboratively with governments and other stakeholders

Microsoft has long supported comprehensive privacy legislation and is committed to helping develop durable global solutions. We continue to work constructively with regulators, lawmakers, NGOs, and others around the globe to advance meaningful data protection and privacy regulation.

In March 2022, we announced our support for the EU-U.S. Data Privacy Framework, a critical agreement between the European Commission and the US government regulating the transfer of data between the EU and the United States. The new framework is designed to rebuild and strengthen the data protection bridge between the EU and the United States. It addresses the concerns of the Court of Justice of the European Union, which invalidated the EU-U.S. Privacy Shield Framework in 2020. Microsoft is committed to meeting or exceeding all the requirements this framework outlines for companies. We will do this through enhancements in how we handle legal requests for customer data and by providing further support for individuals concerned about their rights.

In May 2022, as part of our commitment to European customers, we announced our European Cloud Principles. Five principles will guide our cloud business across Europe, and include cloud offerings, such as the Microsoft Cloud for Sovereignty, that meet European government sovereign needs. These principles also recognize that European governments are regulating technology and that we will adapt to and support these efforts.

Learn more about Microsoft transparency reports

We continue to strive toward building and maintaining trust in technology, and we know that transparency is a key component of that trust. In addition to this Privacy Report, we offer a comprehensive overview of all our efforts to nurture digital trust in our Reports Hub. Microsoft publishes regular reports, including metrics on how Microsoft responds to government and law enforcement requests for user data and for content moderation:

• Digital Safety Content Report
• Law Enforcement Requests Report
• US National Security Orders Report
• Copyright removal requests
• Government requests for content removal
• "Right to be forgotten" requests

Appendix

Microsoft’s global commitment to data subject rights enables millions of people to control their data. From January 1 through June 30, 2022, the Microsoft privacy dashboard had 12,938,096 users. The chart below lists the 20 countries with the most privacy dashboard users.