last sync: 2024-Nov-25 18:54:24 UTC

Microsoft Managed Control 1841 - Consent | Regulatory Compliance - Individual Participation and Redress

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1841 - Consent
Id b92ae63b-4411-48ba-b5c9-5bcaef5f8d02
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Individual Participation and Redress control
Additional metadata Name/Id: ACF1841 / Microsoft Managed Control 1841
Category: Individual Participation and Redress
Title: Consent - Mechanisms Supporting Itemized or Tiered Consent
Ownership: Customer, Microsoft
Description: Provides means, where feasible and appropriate, for individuals to authorize the collection, use, maintaining, and sharing of personally identifiable information (PII) prior to its collection;
Requirements: When creating a new Azure account, the customer must agree to the Microsoft Services Agreement and privacy and cookies statement. Microsoft utilizes privacy reviews to ensure potential privacy issues such as text that contradicts Azure’s privacy commitments, unapproved EULAs, or incorrect links to privacy statements do not arise. The reviews show that Microsoft validates information that is available to individuals is accurate, including information related to consent. PII is collected while signing up for services and subscriptions. During the sign up process, Microsoft requires adherence to the Privacy Statement to inform the customer of what information Microsoft collects, and how it is utilized. Whenever Microsoft requires new uses for PII, additional consent is requested from the individual. When creating an account, Azure requires the customer to agree to the subscription agreement, offer details, privacy statement, and communications policy. This allows the customer to consent to information as defined in the privacy statement. Microsoft Azure continues to abide by the terms of the Privacy Shield framework but will no longer rely on it as a basis for the transfer of personal data from the EU/EEA to the United States. Instead, the company relies on: * The Standard Contractual Clauses (also known as EU Model Clauses) as a lawful transfer mechanism for personal data from the EU and the European Economic Area. * An updated Microsoft Data Protection Addendum (DPA) for Online Services which reflects that transfers of personal data from the European Union, European Economic Area, Switzerland, and United Kingdom are now governed by the Standard Contractual Clauses (controller to processor) contained in Attachment 2 to the DPA.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-04-01 20:29:14 add b92ae63b-4411-48ba-b5c9-5bcaef5f8d02
JSON compare n/a
JSON
api-version=2021-06-01
EPAC