Responding to government and law enforcement requests to access customer data
When governments or law enforcement make a lawful request for customer data from Microsoft, we are committed to transparency and limit what we disclose. Because Microsoft believes that customers should control their own data, we will not disclose customer data hosted in the Microsoft Cloud to a government or law enforcement except as you direct or where required by law.
In our commitment to transparency, we have launched the Microsoft Transparency Hub, which brings together in one place the reports that Microsoft issues regularly on requests for customer data made by law enforcement, as well as government requests related to US national security.
- Law Enforcement Requests Report discloses the scope and number of requests for access to Microsoft customer data.
- US National Security Orders Report documents government requests for customer data through legal orders issued pursuant to the national security laws of the United States.
The aggregate data we have published shows clearly that only a tiny fraction—a small fraction of a percent—of our customers have ever been subject to a government request related to criminal law or national security. For enterprise customers, that number drops further to a mere handful.
Our data privacy standards
We do not offer direct access to customer data. We believe that you should control your own data. Microsoft does not give any third party (including law enforcement, other government entity, or civil litigant) direct or unfettered access to customer data except as you direct.
We redirect law enforcement and other third-party requests to the customer. When we receive a government or law enforcement request for customer data:
- We always attempt to redirect the third party to obtain the requested data from our customer. We will promptly notify you of any third-party request, and give you a copy unless we are legally prohibited from doing so. (This commitment to redirect requests and to notify customers does not apply to Cognitive Services where the customer data has been de-linked such that we have no practical means to meet this commitment.)
- For valid requests that we are not able to redirect to the customer, we disclose information only when we are legally compelled to do so, and we always make sure that we provide only the data specified in the legal order.
In either case, requests may require the release of the customer’s basic contact information.
Microsoft has taken a firm public stand on protecting customer data from inappropriate government access, and where necessary, it has advanced its position through the courts. DigitalConstitution.com tells how Microsoft has pursued a legal challenge to a search warrant that was issued by a magistrate judge in the United States.
We do not give access to platform encryption keys. We do not provide any government with our encryption keys or the ability to break our encryption.
We protect intellectual property. Microsoft takes claims of copyright infringement seriously.
- Anyone who believes their copyright is being infringed through use of a Microsoft service can report it on Notices of Infringement.
- When Microsoft receives a Digital Millennium Copyright Act (DMCA) complaint about content hosted in one of our customer's online service subscriptions, we will notify our customer and ask that they resolve it directly with the complaining party. If our customer fails to respond or is involved in repeated violations, we may suspend service as detailed in our Online Services Terms.