Microsoft has once again gathered us around the campfire to tell a soothing bedtime story called “Your Data, Your Choices: Understanding Microsoft’s Privacy Commitments” It is a heartwarming tale about trust, transparency, and the idea that this time they really mean it.

I want to believe. Truly. But Microsoft has been the “it is not what it looks like” tech company for so long that even Clippy would quietly slide off screen.

After all, when you are truly confident, you do not need to keep reassuring everyone.

Telemetry The Data That Is Somehow Not Your Data

Microsoft wants you to know they deeply respect your privacy. This is evident in the way Windows still treats telemetry like a non negotiable lifestyle choice.

You can reduce it. You can manage it. You can configure it through settings, policies, scripts, and ancient rituals. Turning it fully off is a different story.

That data is essential. Essential to what is never quite explained, but it is essential enough that even enterprise systems still quietly report home.

Your data, your choices except for the data Microsoft already decided it needs.

Recall Because Forgetting Was Apparently a Bug

Then there is Recall, Microsoft’s bold new feature that answers the question nobody asked.

“What if your computer remembered literally everything you have ever done?”

Screenshots of your screen. Constantly. Indexed. Searchable. Local until it is not. Secure until it is not. Disabled until an update has second thoughts.

Microsoft assures us Recall is private, encrypted, and completely under your control. Which is comforting, because they have never shipped a feature that launched opt out, half baked, or mysteriously re enabled itself later.

Calling Recall privacy forward is like calling a security camera a wellness feature.

New Outlook Because Your Email Was Too Local

Then there is the New Outlook experience, which quietly changes a basic assumption users have held for decades, without most of them ever realizing it.

Email that once connected directly to your mail provider is now routed through Microsoft servers instead. Credentials, messages, metadata, and synchronization all pass through infrastructure the vast majority of users are not even aware they are using.

Microsoft presents this as modernization. A unified experience. Cloud powered convenience.

What it actually means is that even when you use third party email accounts, Microsoft becomes an unavoidable intermediary. Your email still belongs to you, of course, but it takes a scenic route through Redmond first.

For most users, there is no clear moment of consent, no obvious warning, and no simple explanation of what changed. The classic client is deprecated, nudged aside, or replaced, until this new routing model becomes the default and awareness becomes optional.

Privacy, once again, is something you are assumed to have agreed to, even if you never knew there was anything to agree to.

BitLocker Encrypt Everything And Maybe Share the Key

Ah yes, BitLocker. The crown jewel of “your data is safe.”

Unless your recovery key is automatically uploaded to your Microsoft account. Stored somewhere you did not explicitly choose. Potentially accessible through legal requests.

Microsoft frames this as convenience. Just in case you forget your password. Just in case something goes wrong.

Nothing says privacy as a fundamental human right quite like encryption with a spare key behind the curtain.

Just the fact that Microsoft can access your account information in the first place to be able to share BitLocker keys with whomever they choose illustrates just how unsecured and at risk people’s data truly is.

Consent But Make It Abstract

Microsoft loves the word consent.

In practice, consent often means clicking Accept on a screen designed to be dismissed as quickly as possible. Navigating layers of settings with names like Optional Diagnostic Experiences Recommended. Trusting that the default option is what you would pick if you had time, energy, and a law degree or making EULA so complex they make lawyers shriek in fright!

This is not informed consent. This is user experience assisted surrender.

Your PC, Your Account (Mandatory), Our Data Collection

For years, installing Windows meant one simple thing: you owned the machine, so you decided how it was set up.

That assumption is quietly disappearing.

On modern versions of Windows, installing the operating system increasingly requires signing in with a Microsoft account. Not for syncing. Not for OneDrive. Not for convenience. Just to get past the installer and use the computer you already paid for.

Microsoft frames this requirement as security, personalization, and a better experience. What it actually enforces is identity binding by default. Your operating system is no longer simply installed; it is enrolled.

Before telemetry settings. Before privacy options. Before consent screens you may never fully read. You must first identify yourself.

This is not transparency. This is a prerequisite.

When the ability to use your own computer depends on creating an online account, privacy stops being a choice and becomes a conditional privilege. You may opt out of certain features later, but only after you have already agreed to the most fundamental one: tying your device to Microsoft’s ecosystem.

Your PC. Your data. Your choices.

As long as you sign in first.

AI Copilot And the Era of Pinky Promises

We are reassured that Copilot does not train foundation models on your data. Which is technically precise in the way only legal teams and marketing departments can achieve.

Your data may still be processed. Retained. Logged. Reviewed. Used to improve the experience.

But do not worry. It is not being used for that specific scary thing you are thinking about. Probably.

Questionable Certainty in Microsoft’s Privacy Language

Microsoft frames its privacy position with the assertion that “privacy is more than a legal requirement, it’s a fundamental human right.” While rhetorically strong, this claim is not accompanied by concrete limits on how data is collected, retained, or repurposed. Declaring privacy as a value does not explain how that value constrains business incentives or product design choices. The statement signals intent, but it does not establish accountability or measurable obligations.

Similarly, the repeated assurance that “you control your data” glosses over how constrained that control often is in practice. Many data sharing decisions are embedded in default settings or tied to basic service functionality, meaning that opting out can limit or eliminate product use altogether. In this context, control functions less as an empowering right and more as a conditional permission granted within boundaries defined by Microsoft itself.

Even Microsoft’s more specific claims invite scrutiny. The statement that “your prompts, responses, and data aren’t used to train foundation large language models” is narrowly framed and carefully worded. It does not address whether the same data may be used for analytics, diagnostics, feature improvement, or other internal purposes. Likewise, references to “strong internal governance” and data being “protected within your Microsoft 365 environment” are left undefined, with no public detail about enforcement, audit outcomes, or exceptions such as lawful access. Together, these phrases create an impression of robustness while leaving critical questions about real world data use unanswered.

The Real Microsoft Privacy Philosophy

Strip away the blog posts, the branding, and the friendly stock photos and the message becomes simpler.

“We care deeply about your privacy as long as it does not interfere with telemetry, AI ambitions, cloud dependency, or regulatory convenience.”

Microsoft is a business and only cares about one thing, dividends for their shareholders. It’s always about the $$$. Everything else is secondary (or even lesser). They will always do the lease that they can get away with to minimize costs and maximize profit.

To be fair, this describes much of the industry. Microsoft is just unusually confident saying it out loud with a smile.

Final Thoughts

Microsoft wants credit for saying the right words.

• Transparency
• Choice
• Control
• Trust

Privacy is not what you promise in a blog post. It is what you do not collect. What you do not enable by default. What you do not quietly turn back on after Patch Tuesday.

The more insistently a company talks about these values, the more uneasy it makes me, the more I get worried! If such principles were truly being upheld, users wouldn’t need to be persuaded, it would be self-evident. Instead, what we’re seeing are growing concerns rather than confidence.

Moreover, “The cloud is just someone else’s computer.” In this cloud-centric era, people and companies have surrendered control over their data, security and privacy, blindly trusting private corporations whose primary goal is solely profits.

So yes. Your data, your choices, but!

Just remember that Microsoft still defines which data counts as yours, and which choices are available.

Sleep tight. Your PC is watching 👀