Privacy at Microsoft
Protecting your data is our highest priority
When you use Microsoft business cloud services, you are entrusting us with your most valuable asset—your data. You trust its privacy will be protected and that it will only be used in a way that’s consistent with your expectations.
Our time-tested approach to privacy is grounded in our commitment to give you control over the collection, use, and distribution of your customer data. We are transparent about the specific policies, operational practices, and technologies that help ensure the privacy of your data in Microsoft business cloud services.
PRIVACY CONSIDERATIONS IN THE CLOUDOur commitment to GDPR
As part of our ongoing commitment to privacy, we made a number of investments and improvements to our data handling practices to support GDPR and the privacy rights of individuals.
LEARN MOREBuilt-in privacy
The Security Development Lifecycle (SDL) and Privacy Statement provide additional detail on our development process and transparent approach to keeping your data private.
Microsoft Security Development Lifecycle (SDL): privacy requirements are defined and integrated in the SDL, the software development process that helps developers build more secure products and services. The SDL helps address data protection and privacy requirements including effective privacy reviews of each release of a Microsoft product or service.
Microsoft Online Services Privacy Statement puts our commitment in writing and details Microsoft data protection policies and practices in clear, straightforward language.
Microsoft contractual commitments back our privacy best practices
Microsoft makes broad contractual commitments to business in our Online Services Terms. Microsoft will use customer data only to provide the services agreed upon, and for purposes compatible with providing those services. We do not use customer data or derive information from it for advertising.
Furthermore, we will not disclose customer data hosted in Microsoft business services to a government agency unless required by law. If law enforcement demands customer data, we will attempt to redirect the agency to request that data directly from the customer. If we are compelled to disclose customer data to law enforcement, we promptly notify the customer and provide a copy of the demand, unless legally prohibited from doing so.
In addition, we make specific, contractual, privacy-related commitments:
ISO/IEC 27018:2014 EU MODEL CLAUSESWe offer a policy roadmap—a set of 78 recommendations in 15 policy categories—as the foundation for a regulatory environment that leads to a trusted, responsible, and inclusive cloud.
LEARN MORE