Privacy guide for personal insights

Personal insights in Microsoft Viva Insights help you find opportunities to build better habits and get back in control of your time. This article describes how Viva Insights uses personal data for personal insights, where it stores that data, and the ways in which it was designed to keep that data safe. It also describes how Viva Insights complies with GDPR regulations.

Summary of key points

  • Personal insights in Viva Insights is not designed to enable evaluation, tracking, automated decision making, profiling, or monitoring. Viva Insights provides you with personal insights through the Viva Insights app in Microsoft Teams and on the web, the Insights Outlook add-in, Viva digest emails, Briefing emails, and inline suggestions in Outlook. Personal insights in Viva Insights has no mechanism or option that allows anyone but you to access the personalized information that is displayed through these surfaces, unless you purposefully and independently share it. Personal insights data provided by Viva Insights cannot be used for automated decision making or for profiling.

  • Personal insights in Viva Insights does not give employees access to new personally identifiable information on other coworkers. Viva Insights converts data into personal insights by doing calculations on information that you generate just by going about your workday. Most of the data that you see in personal insights from Viva Insights is simply an aggregation of information to which you already have access, but that you wouldn’t be able to quickly perform calculations on without some support.

  • Personal insights in Viva Insights data is processed and stored in the employee’s Exchange Online mailbox. Viva Insights processes data from these sources for personal insights: Exchange Online email and calendar data, chat and call signals from Skype for Business and from Teams. Viva Insights stores and processes this data inside each employee’s Exchange Online mailbox.

  • Personal insights in Viva Insights supports General Data Protection Regulation (GDPR) compliance. Microsoft has designed Personal insights in Viva Insights to support your organization’s needs to follow GDPR requirements.

Key principles

  • As a Viva Insights user, only you can see your own data.
  • Your data is stored and computed in your Exchange Online mailbox.
  • You can opt in and opt out at any time.
  • Personal insights in Viva Insights shows you no personally identifiable info of co-workers beyond what you can already see in Outlook and Teams.

Where to see personal insights

Personal insights in Viva Insights are available as follows:

Data types

Viva Insights provides personal insights with the following types of data.

  • Mailbox data - Email, calendar, chat, and call activity that you generate by using Microsoft 365, such as time that you spend in meetings or emails that you send to a specific person or group.
  • Incremental data - Data that would otherwise be unavailable to you but is presented in an aggregated form designed to protect individual privacy.

Mailbox data

Mailbox data represents information that you already have access to simply by going about your job, such as sending emails, arranging meetings, or chatting with coworkers. Viva Insights processes and shows the information in ways that make it actionable.

For example, Viva Insights provides views that allow you to quickly understand how much time you spend in meetings and in email every day, who you collaborate with the most, who you are losing touch with, and to whom you have made commitments and requests.

You can take action on this information. You might decide that you spend too much time in meetings, for example, and adopt a personal goal of running more efficient meetings.

Personal insights are derived from data that is already available to you in the following places:

  • Your Exchange Online mailbox
  • Your activity in OneDrive and SharePoint documents
  • Your chat and call history from Teams and from Skype for Business

Viva Insights simply applies some basic calculations and rules to make this data more actionable. Mailbox data is stored directly in your Exchange Online mailbox.

For example, if you want to determine which colleagues sent you the most email over the past week, you could technically do so without Viva Insights by manually counting emails from coworkers in your inbox. Similarly, you could determine your coworkers’ average response time to the emails that you sent them by using the timestamp information readily available in your mailbox. Viva Insights saves you the trouble of having to perform these tedious calculations.

Incremental data

In a few cases, Personal insights in Viva Insights provides you with de-identified information on other people that would not have otherwise been available to them, such as for Email read rates.

Email read rates

Viva Insights tracks the percentage of recipients who opened an email message (in the Outlook add-in) for email that you’ve sent to five or more people.

To preserve privacy, Viva Insights does not track read rates for messages sent to fewer than five people. Viva Insights also doesn't show read rates of "0 percent" or "100 percent," as that would allow people to make definitive conclusions about individual coworker actions. Instead, the read rate in these cases is displayed as a range that encompasses a threshold value that depends on the number of recipients of the email.

This metric is calculated based on the "read" flag in Exchange Online. For some people, messages are flagged as "read" when you open a message in the Outlook preview pane. For others, you might need to double-click to open the message to mark it as "read."

You can control this setting in your Outlook settings. To show these signals in the sender’s mailbox, the “read” flag is copied within the Microsoft 365 environment, and then delivered to the sender’s mailbox.

GDPR Compliance

As is the case with the full Microsoft 365 suite, Viva Insights helps support compliance with GDPR requirements. For example, Viva Insights supports the following:

  • Secure and protect personal data. Because all Personal insights data in Viva Insights is stored in your Exchange Online mailbox, Viva Insights meets this security obligation by virtue of Exchange Online also meeting the obligation.
  • Requests to export, delete, or restrict processing personal data. Microsoft supports user requests, such as requests for export of or deletion of data.

For more information, see GDPR compliance.