last sync: 2024-Nov-25 18:54:24 UTC

Microsoft Managed Control 1842 - Consent | Regulatory Compliance - Individual Participation and Redress

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1842 - Consent
Id d78966ce-05c7-4967-829d-9a414ea2bc92
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Individual Participation and Redress control
Additional metadata Name/Id: ACF1842 / Microsoft Managed Control 1842
Category: Individual Participation and Redress
Title: Consent - Provide Means to UnderstAnd PII Collection
Ownership: Customer, Microsoft
Description: Provides appropriate means for individuals to understand the consequences of decisions to approve or decline the authorization of the collection, use, dissemination, and retention of PII;
Requirements: When creating a new Azure account, the customer must agree to the Microsoft Services Agreement and privacy and cookies statement. Microsoft utilizes privacy reviews to ensure potential privacy issues such as text that contradicts Azure’s privacy commitments, unapproved EULAs, or incorrect links to privacy statements do not arise. The reviews show that Microsoft validates information that is available to individuals is accurate, including information related to consent. PII is collected while signing up for services and subscriptions. During the sign up process, Microsoft requires adherence to the Privacy Statement to inform the customer of what information Microsoft collects, and how it is utilized. Whenever Microsoft requires new uses for PII, additional consent is requested from the individual. When creating an account, Azure requires the customer to agree to the subscription agreement, offer details, privacy statement, and communications policy. This allows the customer to consent to information as defined in the privacy statement. Microsoft Azure continues to abide by the terms of the Privacy Shield framework but will no longer rely on it as a basis for the transfer of personal data from the EU/EEA to the United States. Instead, the company relies on: * The Standard Contractual Clauses (also known as EU Model Clauses) as a lawful transfer mechanism for personal data from the EU and the European Economic Area. * An updated Microsoft Data Protection Addendum (DPA) for Online Services which reflects that transfers of personal data from the European Union, European Economic Area, Switzerland, and United Kingdom are now governed by the Standard Contractual Clauses (controller to processor) contained in Attachment 2 to the DPA.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-04-01 20:29:14 add d78966ce-05c7-4967-829d-9a414ea2bc92
JSON compare n/a
JSON
api-version=2021-06-01
EPAC