Privacy at Microsoft

Our customers own and control their data


Responding to government and law enforcement requests to access customer data

When governments or law enforcement make a lawful request for customer data from Microsoft, we are committed to transparency and limit what we disclose. Because Microsoft believes that customers should control their own data, we will not disclose customer data hosted in the Microsoft Cloud to a government or law enforcement except as you direct or where required by law.

In our commitment to transparency, we offer our Law Enforcement Requests Report site, which brings together in one place the reports that Microsoft issues regularly on requests for customer data made by law enforcement, as well as government requests related to US national security.

The aggregate data we have published shows clearly that only a tiny fraction—a small fraction of a percent—of our customers have ever been subject to a government request related to criminal law or national security. For enterprise customers, that number drops further to a mere handful.

Washington D.C. capitol builing against blue sky with clouds

Microsoft’s Position on The CLOUD Act

The new CLOUD Act creates a modern legal framework for how law enforcement agencies can access data across borders.

Learn more about The CLOUD Act

Our data privacy standards

Expand all

We believe that you should control your own data. Microsoft does not give any third party (including law enforcement, other government entity, or civil litigant) direct or unfettered access to customer data except as you direct.

When we receive a government or law enforcement request for customer data:

  • We always attempt to redirect the third party to obtain the requested data from our customer. We will promptly notify you of any third-party request, and give you a copy unless we are legally prohibited from doing so. (This commitment to redirect requests and to notify customers does not apply to Bing Search Services where the customer data has been de-linked such that we have no practical means to meet this commitment.)
  • For valid requests that we are not able to redirect to the customer, we disclose information only when we are legally compelled to do so, and we always make sure that we provide only the data specified in the legal order.

In either case, requests may require the release of the customer’s basic contact information.

Microsoft has taken a firm public stand on protecting customer data from inappropriate government access, and where necessary, it has advanced its position through the courts. DigitalConstitution.com tells how Microsoft has pursued a legal challenge to a search warrant that was issued by a magistrate judge in the United States.

We do not provide any government with our encryption keys or the ability to break our encryption.

Microsoft takes claims of copyright infringement seriously.

  • Anyone who believes their copyright is being infringed through use of a Microsoft service can report it on Notices of Infringement.
  • When Microsoft receives a Digital Millennium Copyright Act (DMCA) complaint about content hosted in one of our customer's online service subscriptions, we will notify our customer and ask that they resolve it directly with the complaining party. If our customer fails to respond or is involved in repeated violations, we may suspend service as detailed in our Online Services Terms.