| Source | Azure Portal | ||||||
| Display name | Microsoft Managed Control 1844 - Consent | ||||||
| Id | 5ec0d156-53ba-4f29-8c17-1525cde54129 | ||||||
| Version | 1.0.0 Details on versioning |
||||||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||||||
| Category | Regulatory Compliance Microsoft Learn |
||||||
| Description | Microsoft implements this Individual Participation and Redress control | ||||||
| Additional metadata |
Name/Id: ACF1844 / Microsoft Managed Control 1844 Category: Individual Participation and Redress Title: Consent - Uses Not Initially Described Ownership: Customer, Microsoft Description: Ensures that individuals are aware of and, where feasible, consent to all uses of PII not initially described in the public notice that was in effect at the time the organization collected the PII. Requirements: When creating a new Azure account, the customer must agree to the Microsoft Services Agreement and privacy and cookies statement. Microsoft utilizes privacy reviews to ensure potential privacy issues such as text that contradicts Azure’s privacy commitments, unapproved EULAs, or incorrect links to privacy statements do not arise. The reviews show that Microsoft validates information that is available to individuals is accurate, including information related to consent. PII is collected while signing up for services and subscriptions. During the sign up process, Microsoft requires adherence to the Privacy Statement to inform the customer of what information Microsoft collects, and how it is utilized. Whenever Microsoft requires new uses for PII, additional consent is requested from the individual. When creating an account, Azure requires the customer to agree to the subscription agreement, offer details, privacy statement, and communications policy. This allows the customer to consent to information as defined in the privacy statement. Microsoft Azure continues to abide by the terms of the Privacy Shield framework but will no longer rely on it as a basis for the transfer of personal data from the EU/EEA to the United States. Instead, the company relies on: * The Standard Contractual Clauses (also known as EU Model Clauses) as a lawful transfer mechanism for personal data from the EU and the European Economic Area. * An updated Microsoft Data Protection Addendum (DPA) for Online Services which reflects that transfers of personal data from the European Union, European Economic Area, Switzerland, and United Kingdom are now governed by the Standard Contractual Clauses (controller to processor) contained in Attachment 2 to the DPA. |
||||||
| Mode | Indexed | ||||||
| Type | Static | ||||||
| Preview | False | ||||||
| Deprecated | False | ||||||
| Effect | Fixed audit |
||||||
| RBAC role(s) | none | ||||||
| Rule aliases | none | ||||||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||||||
| Compliance | Not a Compliance control | ||||||
| Initiatives usage | none | ||||||
| History |
|
||||||
| JSON compare | n/a | ||||||
| JSON |
|