Enhancing trust and protecting privacy in the AI era

News & Case Studies

We want to empower our customers to harness the full potential of new technologies like artificial intelligence, while meeting their privacy needs and expectations. Today we’re sharing key aspects of how our approach to protecting privacy in AI – including our focus on security, transparency, user control, and continued compliance with data protection requirements – are core components of our new generative AI products like Microsoft Copilot.

We create our products with security and privacy incorporated through all phases of design and implementation. We provide transparency to enable people and organizations to understand the capabilities and limitations of our AI systems, and the sources of information that generate the responses they receive, by providing information in real-time as users engage with our AI products. We provide tools and clear choices so people can control their data, including through tools to access, manage, and delete personal data and stored conversation history.

Our approach

Data security is core to privacy

Keeping data secure is an essential privacy principle at Microsoft and is critical to ensuring trust in AI systems. Microsoft implements appropriate technical and organizational measures to ensure data is secure and protected in our AI systems.

Transparent choices and disclosures while users engage with Microsoft Copilot

To help people understand the capabilities of these new AI tools, Copilot provides in-product information that clearly lets users know that they are interacting with AI and provides easy-to-understand choices in a conversational style. As people interact, these disclosures and choices help provide a better understanding of how to harness the benefits of AI and limit potential risks.


Grounding responses in evidence and sources

Copilot also provides information about how its responses are centered, or “grounded”, on relevant content. In our AI offerings in Bing, Copilot.microsoft.com, Microsoft Edge, and Windows, our Copilot responses include information about the content from the web that helped generate the response. In Copilot for Microsoft 365, responses can also include information about the user’s business data included in a generated response, such as emails or documents that you already have permission to access. By sharing links to input sources and source materials, people have greater control of their AI experience and can better evaluate the credibility and relevance of Microsoft Copilot outputs, and access more information as needed.

Data protection user controls

Microsoft provides tools that put people in control of their data. We believe all organizations offering AI technology should ensure consumers can meaningfully exercise their data subject rights.