Enhancing trust and protecting privacy in the AI era

abstract image of a network

At Microsoft we want to empower our customers to harness the full potential of new technologies like artificial intelligence, while meeting their privacy needs and expectations. Today we’re sharing key aspects of how our approach to protecting privacy in AI – including our focus on security, transparency, user control, and continued compliance with data protection requirements – are core components of our new generative AI products like Microsoft Copilot.

We create our products with security and privacy incorporated through all phases of design and implementation. We provide transparency to enable people and organizations to understand the capabilities and limitations of our AI systems, and the sources of information that generate the responses they receive, by providing information in real-time as users engage with our AI products. We provide tools and clear choices so people can control their data, including through tools to access, manage, and delete personal data and stored conversation history.

Our approach to privacy in AI systems is grounded in our longstanding belief that privacy is a fundamental human right. We are committed to continued compliance with all applicable laws, including privacy and data protection regulations, and we support accelerating the development of appropriate guardrails to build trust in AI systems.

We believe the approach we have taken to enhance privacy in our AI technology will help provide clarity to people about how they can control and protect their data in our new generative AI products.

Our approach

A table with four Microsoft commitments to advance trust and protect privacy in AI

Data security is core to privacy

Keeping data secure is an essential privacy principle at Microsoft and is critical to ensuring trust in AI systems. Microsoft implements appropriate technical and organizational measures to ensure data is secure and protected in our AI systems.

Microsoft has integrated Copilot into many different services including Microsoft 365, Dynamics 365, Viva Sales, and Power Platform: each product is created and deployed with critical security, compliance, and privacy policies and processes. Our security and privacy teams employ both privacy and security by design throughout the development and deployment of all our products. We employ multiple layers of protective measures to keep data secure in our AI products like Microsoft Copilot, including technical controls like encryption, all of which play a crucial role in the data security of our AI systems. Keeping data protected and secure in AI systems – and ensuring that the systems are architected to respect data access and handling policies – are central to our approach. Security and privacy are principles that are built into our internal Responsible AI standard and we are committed to continuing to focus on privacy and security to keep our AI products safe and trustworthy.

Transparency

Transparency is another key principle for integrating AI into Microsoft products and services in a way that promotes user control and privacy, and builds trust. That’s why we are committed to building transparency into people’s interactions with our AI systems. This approach to transparency starts with providing clarity to users when they are interacting with an AI system if there is risk that they will be confused. And we provide real-time information to help people better understand how AI features work.

Microsoft Copilot uses a variety of transparency approaches that meet users where they are. Copilot provides clear information about how it collects and uses data, as well as its capabilities and its limitations. Our approach to transparency also helps people understand how they can best leverage the capabilities of Copilot as an everyday AI tool and provides opportunities to learn more and provide feedback.

Transparent choices and disclosures while users engage with Microsoft Copilot

To help people understand the capabilities of these new AI tools, Copilot provides in-product information that clearly lets users know that they are interacting with AI and provides easy-to-understand choices in a conversational style. As people interact, these disclosures and choices help provide a better understanding of how to harness the benefits of AI and limit potential risks.

Microsoft offers choice in Microsoft Copilot in Bing and Windows through a range of conversational styles, allowing people to decide the approach that works best for them in responses

Grounding responses in evidence and sources

Copilot also provides information about how its responses are centered, or “grounded”, on relevant content. In our AI offerings in Bing, Copilot.microsoft.com, Microsoft Edge, and Windows, our Copilot responses include information about the content from the web that helped generate the response. In Copilot for Microsoft 365, responses can also include information about the user’s business data included in a generated response, such as emails or documents that you already have permission to access. By sharing links to input sources and source materials, people have greater control of their AI experience and can better evaluate the credibility and relevance of Microsoft Copilot outputs, and access more information as needed.

Grounding in multi-model scenarios for Co-pilot

Data protection user controls

Microsoft provides tools that put people in control of their data. We believe all organizations offering AI technology should ensure consumers can meaningfully exercise their data subject rights.

Microsoft provides the ability to control your interactions with Microsoft products and services and honors your privacy choices. Through the Microsoft Privacy Dashboard, our account holders can access, manage, and delete their personal data and stored conversation history. In Microsoft Copilot, we honor additional privacy choices that our users have made in our cookie banners and other controls, including choices about data collection and use.

The Microsoft Privacy Dashboard allows users to access, manage and delete their data when signed into their Microsoft Account

Additional transparency about our privacy practices

Microsoft provides deeper information about how we protect individuals’ privacy in Microsoft Copilot and our other AI products in our transparency materials such as M365 Copilot FAQs and The New Bing: Our Approach to Responsible AI, which are publicly available online. These transparency materials describe in greater detail how our AI products are designed, tested, and deployed – and how our AI products address ethical and social issues, such as fairness, privacy, security, and accountability. Our users and the public can also review the Microsoft Privacy Statement which provides information about our privacy practices and controls for all of Microsoft’s consumer products.

AI systems are new and complex, and we are still learning how we can best inform our users about our groundbreaking new AI tools in a meaningful way. We continue to listen and incorporate feedback to ensure we provide clear information about how Microsoft Copilot works.

Complying with current laws, and supporting advancements in global data protection regulation

Microsoft is compliant today with data protection laws in all jurisdictions where we operate. We will continue to work closely with governments around the world to ensure we stay compliant, even as legal requirements develop and change.

Companies that develop AI systems have an important role to play in working with privacy and data protection regulators around the world to help them understand how AI technology is evolving. We engage with regulators to share information about how our AI systems work, how they protect personal data, the lessons we have learned as we have developed privacy, security and responsible AI governance systems, and our ideas about how to address unique issues around AI and privacy.

Regulatory approaches to AI are advancing in the European Union through its AI Act, and in the United States through the President’s Executive Order. We expect additional regulators around the globe will seek to address the opportunities and the challenges that new AI technologies will bring to privacy and other fundamental rights. Microsoft’s contribution to this global regulatory discussion includes our Blueprint for Governing AI, where we make suggestions about the variety of approaches and controls governments may want to consider to protect privacy, advance fundamental rights, and ensure AI systems are safe. We will continue to work closely with data protection authorities and privacy regulators around the world as they develop their approaches.

As society moves forward in this era of AI, we will need privacy leaders within government, organizations, civil society, and academia to work together to advance harmonized regulations that ensure AI innovations benefit everyone and are centered on protecting privacy and other fundamental human rights.

At Microsoft, we are committed to doing our part.

Tags: , , , ,