Oh boy. Do I need to crack open the case from 2018 where a Dutch team found out that Microsoft was collecting data WITHOUT stating it in the ToS.
https://www.theregister.com/2018/11/16/microsoft_gdpr
Also: Even when stuff is written in the ToS it can still be illegal. (According to European law) Microsoft has broken GDPR laws in the past and will continue to do so. Whether it is written in the ToS or not.
(PS: I am not using the data hog google either) (PS: it is called "researching". Not " desperately searching for ammo")
https://www.ftc.gov/news-events/news/press-releases/2023/06/ftc-will-require-microsoft-pay-20-million-over-charges-it-illegally-collected-personal-information
https://www.cnil.fr/en/cookies-microsoft-ireland-operations-limited-fined-60-million-euros
https://www.windowscentral.com/microsoft/microsoft-expects-to-pay-dollar425-million-fine-for-linkedin-privacy-violations
And then there are the cases where European institutions got sued for USING Microsoft products.