Comment by asmor

I filed a GDPR complaint regarding this when they released it on Mac, because it is not transparent what data Microsoft stores when you stop fetching email over their Exchange proxy. This was their response, after 3 months...

• How long is mail data fetched from the non-Microsoft server retained? On 31st day of user inactivity we mark the account for removal. The account is soft deleted, and the data is purged within a week (approximately) after that.

• What happens with an account that is no longer being used? Does the service continue fetching and “enhancing” mail data or does it happen on demand when a user opens Outlook? - If the user is not signing into the 3rd party accounts using outlook mobile, Teams for life or Outlook for Mac. We stop syncing any data after 7 days and mark the account for deletion after 30 days.

• How do I know what data the service holds? - Service holds Mail, Calendar, contacts data and profile data for the user (User provides consent to collect this data during add account flow).

• How can I make sure data is no longer retained? (e.g., does logging out from Outlook delete the mail data and credentials?) - When removing the account in Mac you can choose to "Sign Out On All Devices" which deletes the mailbox from the Microsoft Cloud (Exchange-backed mailbox where the third-party account is being synced).

I also filed a complaint about not making it clear if data is required for processing (Article 13, Section 2(e) [1]) - but the supervisory authority ignored me on that one.

[1]: https://gdpr-info.eu/art-13-gdpr/