Change History for Microsoft Privacy Statement

November 2018

  • In Entertainment and related services, we updated Mixer to provide more information regarding which user interactions are publicly viewable.

October 2018

  • In Reasons we share personal data, we added an example of sharing certain data with an employer or school to enable them to manage the Microsoft products it provides to you (or that you sign into with an account it provides to you).
  • In the Where we store and process personal data section of Other important privacy information, we specified that we will cooperate with the Swiss Federal Data Protection and Information Commissioner for resolving disputes with Swiss individuals under the Swiss-U.S. Privacy Shield agreement.
  • In Products provided by your organization—notice to end users, we clarified that an employer’s or school’s ability to administer products and accounts can include control of privacy-related settings.
  • In Enterprise and developer products, we added PlayFab Services as an example of enterprise and developer cloud-based services.
  • In Skype, we added a paragraph describing a new captioning feature.
  • In Windows, we:
    • reiterated how an organization can access data from Windows devices it manages.
    • provided further examples in the description of Activity history.
    • clarified that the Advertising ID controls apply only where an app is relying on the Advertising ID, and does not affect other means providing interest-based advertising (such as cookies).
    • added text in Diagnostics describing that diagnostic data can be shared with an organization, such as an employer or school, to help manage the organization’s devices and that aggregated diagnostic data may also be shared with other selected third parties.
    • added a new Feedback Hub section to describe the collection of feedback and diagnostic data through the app.
    • made several clarifications under Location services, motion Sensing, and recording, including specifying that Windows will attempt to determine location when you make an emergency call, regardless or your location settings, and that your mobile operator has access to your device’s location.
    • edited descriptions in Speech, Inking, and Typing to improve clarity and provide additional details about available controls.
    • under Web browsers—Microsoft Edge and Internet Explorer, described a unique ID that is sent by the Edge browser to certain selected websites that enables us to develop aggregate data to improve browser features and services, and added a description of a new “Website Pin to Taskbar” feature.
  • We made additional edits throughout the privacy statement intended to improve transparency, enhance readability, and update outdated links and references.

August 2018

  • We made additional edits throughout the privacy statement intended to improve transparency and readability. For example, we provided more descriptive labels for hyperlinks.
  • We separated the description of the personal data Microsoft collects for speech recognition from the description of the personal data Microsoft collects for inking and typing recognition, and simplified both.
  • We clarified that, in some cases, access or control to personal data is limited as required or permitted by applicable law.

May 2018

  • We made edits throughout the privacy statement intended to improve transparency and readability. For example, we:
    • added new categories of personal data we collect, such as voice data, content consumption data, and browse history;
    • added new uses of personal data;
    • simplified text and eliminated duplicative text and qualifiers such as “we may”;
    • added navigation cues, like bullet points, to highlight key points and reduce reader fatigue; and
    • improved consistency in the language used describe similar concepts.
  • We added language required by the EU General Data Protection Regulation (GDPR). For example, we now:
    • describe individuals’ rights to access their data, which applies regardless of location;
    • describe the legal bases for Microsoft’s data processing, including under the GDPR’s legitimate interests provisions, and the purposes of our processing of personal data; and
    • specify the choices individuals have with respect to sharing personal data with Microsoft, along with the consequences of sharing and Microsoft’s data processing.
  • In the Personal Data We Collect section, we:
    • added language to direct customers to the appropriate sections of the privacy statement;
    • added new examples of third-party sources of personal data; and
    • updated the descriptions of types of personal data we collect.
  • In the How We Use Personal Data section, we:
    • clarified how Microsoft uses data generally, using concepts from the data taxonomy framework in the ISO 19944 international standard;
    • clarified our policies around storing unauthenticated data and authenticated data; and
    • updated specific descriptions of how Microsoft uses personal data. For example, we added text to describe how we use personal data for promotional communications and legal compliance, and we provided information about where Microsoft uses automated systems to process personal data. Additionally, we moved some details about our advertising practices to a separate section under Other Important Information.
  • In the How to Access & Control Your Personal Data section, we described how customers can access their personal data and made the text applicable to all customers, regardless of their location.
  • In the Cookies and Similar Technologies section, we updated the description of the cookies Microsoft uses.
  • In the Notice to End Users section, we clarified cases when organizations, like an employer or school, have access to an individual’s personal data.
  • In the Microsoft Account section, we clarified the differences between the three types of Microsoft accounts.
  • In the Other Important Privacy Information section, we:
    • moved the contents of the European Privacy Rights subsection to the How to Access & Control Your Personal Data and How to Contact Us sections.
    • added a section called Advertising, using text from the original How We Use Personal Data section, to describe Microsoft’s advertising practices and commitments;
    • updated information on how Microsoft processes children’s personal data;
    • clarified how and when Microsoft makes changes to the privacy statement;
    • identified which Microsoft entities are data controllers under the GDPR, how to contact us, and how to lodge a complaint.
  • In the Enterprise and Developer Products section, we:
    • described how basic, aggregated account information related to Enterprise Online Services may be shared with authorized partners in certain circumstances.
    • identified that Microsoft is a data processor under the GDPR when providing the Enterprise Online Services.
  • In the Office and Skype sections we described new features and updated how existing features and functionality process personal data. For example, we explain how Cortana words in Skype.
  • In Search and Artificial Intelligence, we described our most current features and functionality. For example, in the Cortana subsection, we described the personal data Microsoft collects from users who are signed in and signed out of the service.
  • In the Windows section, we removed text about a service, Wi-Fi Connecting to suggest open hotspots, that is no longer available. Under Web Browsers, we described the type of browser data that syncs across devices.
  • In the Entertainment and Related Services section, we updated how existing features and functionality process personal data and provided new information on Xbox, Xbox Live, and Mixer.
  • We added a hyper link to access the privacy policy of our subsidiary LinkedIn.

April 2018

  • In Personal Data We Collect, we deleted references to defined terms in the Online Services Terms (OST) as data definitions changed in the April 2018 OST.
  • We updated the URL to the Law Enforcement Transparency Report in Reasons We Share Personal Data.
  • In Cookies & Similar Technologies, we updated the list of opt-out pages for our analytics providers.
  • In Where We Store and Process Personal Data, we listed additional countries where Microsoft operates data centers and updated the URL to the European Commission’s decisions on the adequacy of the protection of personal data in third countries.
  • We updated our Dublin address in How to Contact Us.
  • In Enterprise and Developer Products, we:
    • deleted the subsection for Cognitive Services as we moved Cognitive Services under the same terms as Azure services. To learn more, see: azure.microsoft.com/en-us/blog/microsoft-updates-cognitive-services-terms/.
    • added references to professional services available under the Online Services Terms.
    • added a reference to Personal Data, a new defined term in the Online Services Terms.
    • for transparency, we noted that Bing Search Services, as defined in the OST, use data as described in the Bing section of this Privacy Statement.
    • we updated the link to Microsoft SQL Server’s privacy supplement.
  • In Cortana, we describe how location data Cortana collects may be used to provide personalized experiences in other Microsoft products.
  • In Windows, we:
    • added text to describe new features, such as Activity History, and new functionality in Windows Apps.
    • updated the Diagnostics section to (i) provide more information about how Microsoft processes Diagnostic data, (ii) describe the new privacy control for Inking and Typing data, and (iii) provide more information about Tailored experiences.

February 2018

  • We added Adjust and Clicktale to the list of analytics providers in Cookies & Similar Technologies.

October 2017

  • We made minor edits throughout the privacy statement to reflect the updated name of our digital and physical stores, all now called “Microsoft Store”.
  • We updated the examples we provide of the technical measures we use to help de-identify the data Translator processes.
  • In Personal Data We Collect, we provide more transparency about Microsoft’s collection of data related to our app Spend and video.
  • In Cookies and Similar Technologies, we describe additional uses of cookies on various Microsoft websites.
  • In Where We Store and Process Personal Data, we provide more information about the European Commission’s views on the adequacy of the protection of personal data in the countries where Microsoft processes personal data.
  • In Microsoft account, we removed information about using Microsoft account with social media accounts, as we no longer provide that particular feature.
  • In Enterprise and Developer Products, we provide more information about the collection and processing of data in enterprise and developer products, including SQL Server.
  • In Windows, we clarify how certain features work in Microsoft Edge and Internet Explorer.
  • Additionally, we made minor edits for grammar and clarity.

September 2017

  • In Where We Store and Process Personal Data, we provided more information about Microsoft’s compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.

August 2017

  • We updated the preamble to reflect the broad scope of the privacy statement.
  • We changed the navigation of the product-specific details to make this information easier to find.
  • In Personal Data We Collect, we provided more examples of data we collect from developers and enterprise customers and made edits to better describe data we collect.
  • Under How We Use Personal Data, we made changes to improve transparency on how we use the data we collect. We updated the section on advertising to better describe our advertising practices.
  • In How to Access & Control Your Personal Data, we added information about how Volume Licensing customers can control their data. We also noted customers can opt out of interest-based advertising from third parties by visiting the third parties’ respective websites.
  • We updated Cookies & Similar Technologies to provide greater transparency on our use of cookies and similar technologies.
  • We added a section called Notice to End Users to provide individuals who gain access to Microsoft products through their organization, such as an employer or school, more information about how their data is processed.
  • In Where We Store and Process Personal Data, we listed additional countries where Microsoft operates data centers.
  • The European Privacy Rights section now only appears in certain European versions of the privacy statement.
  • In Cortana, we made changes to better describe how Cortana works. We also provided more information about how information is processed when Cortana uses a Connected Service or third-party skill.
  • We updated the Skype section to better describe how certain features work.
  • Under Windows we edited the name of certain features and functionality.
  • We edited Enterprise and Developer Products to better describe these products and increase transparency on our use of data related to these products. We also updated the name of Dynamics 365.
  • In some language versions, we made edits for grammar and clarity.

June 2017

  • We made a small update to the language in Privacy Shield to highlight that Microsoft participates in both the EU-U.S. and the Swiss-EU Privacy Shield frameworks.

March 2017

  • We updated Personal Data We Collect to provide customers with more transparency about the types of third parties that provide us with personal data. Additionally, we made edits to better describe the types of data we collect.
  • Under How We Use Personal Data, we clarified to customers how we use information about their activities, interests, and location to deliver personalized experiences.
  • In How to Access & Control Your Personal Data, we added information about the new Microsoft privacy dashboard, where customers can access and manage personal data collected from various Microsoft services. We added details about where users can delete their personal data on other Microsoft properties.
  • We added AppsFlyer to the list of analytics providers in Cookies & Similar Technologies.
  • We updated Microsoft Account to provide customers with information about how our new payment features work.
  • We added a new section called European Privacy Rights to inform customers in the European Economic Area of their data protection rights.
  • In Where We Store and Process Personal Data we provided customers with more information about where Microsoft processes data. We specified where Microsoft operates major data centers and explained how we determine where we process data. Additionally, we provided more transparency about transfers of personal data from the European Economic Area, including the legal basis for such transfers and how we protect customers’ rights when the data travels. We set forth our commitment to the EU-U.S. and the Swiss-U.S. Privacy Shield frameworks and direct customers on how they can exercise their Privacy Shield rights.
  • As we seek to be more transparent about how long we keep personal data, we set forth criteria we use to determine retention periods in Our Retention of Personal Data.
  • Under Bing, we provided more clarity to customers about how to turn off Search Suggestions, pointed customers to new capabilities to manage their data, and added details about how search query data is used for research and development purposes.
  • In Cortana, we added information to describe how new features work. We explained variations of Cortana on different operating systems and how Cortana interacts with other services. Additionally, we provided more information about how we use location information and moved information about Cortana’s use of information from Microsoft Edge up from the Windows section.
  • In Health Services, we made edits for clarity and to account for new applications in this product area.
  • We updated MSN to better clarify the type of data collected to provide customers with relevant content.
  • In Office we edited the structure of one sentence to make it more clear.
  • Under Windows we made a number of changes to improve transparency, to describe changes to certain functionality or new capabilities, and to account for new privacy measures we implemented, including:
    • Under Advertising ID, we explained how customers can control the use of this identifier and provided more clarity on how app developers and advertising networks use it.
    • We renamed Telemetry and Error Reporting to Diagnostics. In this section, we explained the two levels of diagnostic data, including the type of data collected for each level, depending on the customer’s setting. Additionally, we explained the new Tailored Experiences setting, which enables users to choose whether diagnostic data is used to personalize their experience.
    • We provided more clarity on the collection of location data in Windows location service.
    • In Recording, we described new capabilities and informed users of their potential legal responsibility related to the use of this feature.
    • In SmartScreen, we provided additional details about the data transmitted to Microsoft to help SmartScreen protect customers.
    • In Speech, Inking and Typing, we better described our speech recognition capabilities and provided more transparency about the data Microsoft collects to provide these and related services. Additionally, we explained to customers the controls available to manage this data.
    • Under Web Browsers we removed references to Page Prediction. The Page Prediction feature still exists in Microsoft browsers. However, browsing history to power the feature is now collected as part of Windows Diagnostics only from devices configured to return data at the Full level. We also moved disclosures about Cortana’s use of data from this section to the Cortana section.
    • We renamed Windows Wi-Fi Sense section to Wi-Fi Connecting to suggested open hotspots and edited this section to reflect changed branding and features.
    • We clarified Microsoft Wallet is an application only available for Windows Phone by renaming this section.
    • We added a section for Windows Media Player to describe how this feature works for versions of Windows where this application is available.
    • We edited Windows Search to describe how the feature can be used to search for items stored in other services.
  • In some language versions, we made edits for grammar.

February 2017

  • In Personal Data We Collect, we clarified additional details about the usage data we consider “Product use data.”

November 2016

  • In How We Use Personal Data, we updated Advertising to better clarify the use of your data by third parties to customize the ads you see.
  • In How to Access & Control Your Personal Data, we updated Your Communications Preferences, clarifying how to modify your preferences.
  • In Other Important Information, we updated the Where We Store and Process Personal Data section to reflect Microsoft’s participation in the EU-U.S. Privacy Shield program.
  • In Bing, we removed the Bing Rewards Program section, as Bing Rewards has been replaced by Microsoft Rewards.
  • We added a new Microsoft Cognitive Services section to explain how we collect and use data when developers use the services. We also clarified that Microsoft Cognitive Services are not Enterprise Products under this privacy statement.
  • We added a new Microsoft Translator section, to explain how Microsoft Translator, Collaborative Translations Framework, and Microsoft Translator Hub collect and use data.
  • In Windows, we revised the Telemetry & Error Reporting section to reflect that wireless network identifiers are collected at the optional “Enhanced” level of telemetry rather than at the “Basic” level.
  • We added a new captioning section in Xbox to explain how Microsoft incorporates a voice-to-text feature to provide captioning of in-game chat for users who need it.

September 2016

In Enterprise Products, we added links to privacy notices that still apply to certain enterprise offerings.


August 2016

  • In Personal Data We Collect, we added additional examples of when we collect data and the types of usage data we collect.
  • In How We Use Personal Data:
    • We clarified that we show ads in only some of our products, that we also deliver ads in third-party products, and that we partner with third-parties such as AOL and AppNexus to deliver ads. And we removed an outdated example of sharing data with a service provider to help with the delivery of ads.
    • We added additional examples of using data for product improvement purposes.
  • In Microsoft account:
    • We added text explaining the distinctions between a personal Microsoft account and a work or school account provided by your school or employer using Azure Active Directory.
    • We added an explanation that when you sign into a third-party product with your Microsoft account, and consent to share profile data, the third-party product can display your name or username and profile photo.
  • In Other Important Information, we updated the discussion of transferring data from the European Economic Area to specify our intent to adopt the forthcoming EU-U.S. Privacy Shield Principles.
  • In Cortana, we provided more examples of the types of data Cortana can access and use, described a new feature that allows for some functionality without being signed in, described new and enhanced user controls, and added descriptions (already provided to users in the product itself) of data sharing with third-party services that users can choose to connect with Cortana.
  • In Microsoft Health and Microsoft Band, we added more detail about the types of data these offerings collect and use, and removed some redundant text to simplify the section.
  • We added a new Outlook section (incorporating content previously in an Outlook.com section and an Outlook subsection of Office) to explain the distinctions between Outlook.com, Outlook applications, and related services, describe new cloud-based features, and describe how Outlook applications can be integrated with multiple accounts from third-party service providers.
  • In Skype, we added text explaining that this section applies only to the consumer version of Skype and not Skype for Business, describing how contacts are added to Skype from other Microsoft consumer services, and describing a new recording feature in some versions of Skype.
  • We added a new Store section, incorporating the content previously in a Windows Store subsection of Windows, and adding references to the Xbox Store and Office Store.
  • We added a new SwiftKey section to describe our recently acquired SwiftKey apps, incorporating the content from the previous SwiftKey privacy statement.
  • In Windows:
    • We expanded the description of Advertising ID to provide more details on its purpose and uses.
    • We renamed the "Input Personalization" section to Speech, Inking, and Typing and added additional examples of the data collected.
    • In Location Services, Motion Sensing, and Recording, we added descriptions of the new General location and Default location settings, and provided additional details of when location data is collected and retained by Microsoft.
    • We updated the Windows Defender section to explain new functionality that allows the use of Windows Defender to do periodic scanning even when there is another anti-malware service running.
    • We’ve revised the Telemetry & Error Reporting section to further clarify differences between Basic data, Enhanced data, and Full data.
    • We updated the Web Browsers: Microsoft Edge and Internet Explorer section to explain how to control Cortana’s access to your browsing history, and that enabling that feature will allow us to collect your Microsoft Edge search queries and full browsing history associated with your user ID to personalize your experience.
    • We revised the Wi-Fi Sense section to clarify that we are no longer offering functionality that will automatically connect to open Wi-Fi networks.
    • We added a section to Windows Apps describing the Mail and Calendar app, and updated the description of the Microsoft Wallet app to reflect to NFC functionality.
  • We added a new Enterprise Products section (replacing an Enterprise Services subsection of Other Important Information) to account for Microsoft products and related offerings offered or designed primarily for use by organizations and developers.
  • Throughout, we replaced the general term "services" with "products" to better reflect the full range of software, services, and devices Microsoft offers.
  • Throughout, we made several minor wording changes to improve clarity, or to address typos, grammar, or other similar issues.

January 2016

  • We simplified the introductory paragraph by removing a list of specific Microsoft services, referring instead to the list of services that appears later in the statement.
  • In Microsoft account, we added “display name” to the ways others can find and connect with you within Microsoft services.
  • In Other Important Privacy Information:
    • In Where We Store and Process Personal Data, we clarified that data may be stored in your region, and explained the ways data can be transferred from the European Economic Area to other countries.
    • We simplified How to Contact Us by removing the reference to Skype Software S.à.r.l.
  • In Skype, we made several edits to simplify and clarify language, remove redundancies, and explain that both Microsoft Corporation and Skype Communications S.à.r.l. are data controllers for Skype.
  • In Windows:
    • We added to Sync Settings, to clarify that the Windows sync settings apply to Internet Explorer browser history, and that some apps have their own separate sync controls.
    • We rewrote much of Telemetry & Error Reporting to clarify the different levels of telemetry, what types of data are included in each, the effect of the available user controls, and the limited sharing of error report information to partners (such as OEMs) to help them troubleshoot products and services which work with Windows and other Microsoft product and services.
    • We clarified Web Browsers to show the differences between sync functions and controls on Internet Explorer and Microsoft Edge.
  • Throughout, we made several minor wording changes to improve clarity, or to address typos, grammar, or other similar issues.

October 2015

  • We added examples to Personal Data We Collect to clarify when we need to collect content of files and communications so that we can provide our services to you.
  • We added examples to How We Use Personal Data about customer support and product activation, to further explain how we use your data to provide and improve our services.
  • In Reasons We Share Personal Data, we clarified that “private communications and documents in private folders” refers to content in cloud services, like Outlook.com and OneDrive, and not content stored on a person’s local device. We also added a link to our Law Enforcement Transparency Report.
  • In Cookies and Other Technologies, we added Kissmetrics and Webtrends to the list of data analytics service providers we use.
  • We clarified the difference between a personal Microsoft account and a work or school account provided to you by your organization.
  • In Other Important Privacy Information, we added Enterprise Services to clarify that if you have a work or school account, the owner of the domain associated with your email address may control and administer your account under its own policies, which may differ from ours.
  • In Bing, we updated “Autosuggest” to “Search Suggestions” and added information about how to opt out of Bing Rewards.
  • In Cortana, we added “Communications History” to the list of features.
  • We added Groove Music/Movies & TV, which replaces Xbox Music and Video to reflect the new branding of those services.
  • We added Microsoft Health Services, to incorporate information previously provided in separate privacy statements about Microsoft Band devices, Microsoft Health apps, HealthVault, and other related services.
  • We simplified Office, by moving the pertinent information from the old Excel subsection into Search services.
  • In Outlook, we deleted Social inbox.
  • In Skype, we added information about Translation feature.
  • In Windows, we added information about Recording.
  • In Xbox, we changed Voice chat to Communications monitoring. We also clarified that the Xbox Code of Conduct has been replaced with the Microsoft Code of Conduct.
  • Throughout, we made several minor wording changes to improve clarity, or to address typos, grammar, or other similar issues.

July 2015

We published a new Microsoft Privacy Statement that brought together many separate privacy statements into a single statement covering most of Microsoft’s consumer services. This restructuring of Microsoft’s privacy disclosures was designed to eliminate redundancies, improve usability, and increase clarity and transparency. We added some new elements, for example, to reflect new features of Windows 10, but the new statement did not represent a change in policy or practice for Microsoft.