Microsoft vs Samsung

Microsoft's privacy statement covers an enormous product surface — Windows, Office, Azure, Bing, Xbox, and Copilot — and the data practices vary dramatically across them. The umbrella policy is deliberately vague, deferring almost all specifics to product-level documentation. Cross-product data combination, AI model training on your content, and employer/school access to your files and communications are the key risks most consumers don't realise they're accepting.

Samsung's data appetite is unusually broad for a hardware maker: voice recordings stored on servers with potential third-party retention, keyboard input logging via Predictive Text synced across devices, and persistent hardware identifiers that survive ad-ID resets. The company explicitly acknowledges that sharing with business partners may constitute a data sale under US law (CCPA). Full GDPR-grade rights are reserved for EEA/UK/Swiss residents; everyone else gets basic access and deletion with no response-time commitments. Retention timelines are vague and there are no named security certifications or breach notification windows.