Does Azure OpenAI fall under the DPA

Question

Does Azure OpenAI fall under the DPA

Philipp 5

Does Azure OpenAI fall under the Microsoft DPA (Microsoft Products and Services Data Protection Addendum)? The DPA clearly excludes Previews from the DPA, but Azure OpenAI is classed as a Limited Access Version in the legal documents. So I am not clear whether the DPA applies to it or it is excluded because it is a Preview.

DPA:

"Previews may employ lesser or different privacy and security measures than those typically present in the Products and Services. Unless otherwise noted, Customer should not use Previews to process Personal Data or other data that is subject to legal or regulatory compliance requirements. For Products, the following terms in this DPA do not apply to Previews: Processing of Personal Data; GDPR, Data Security, and HIPAA Business Associate."

If the DPA (or parts of it) do not apply because it is a Preview, then this would cause significant compliance risk.

Thank you for your help in advance.

Philipp 5 Reputation points

2023-09-07T20:57:09.45+00:00

Update: I got confirmation from Microsoft Support that Azure OpenAI is a Preview and therefore the exclusion clause in the Microsoft Products and Services Data Protection Addendum applies. This means that Azure OpenAI cannot be used with any personal data (GDPR) as the necessary compliance requirements for DPAs are not fulfilled.

2 answers

Your answer

Philipp 5 Reputation points

2023-09-07T20:57:09.45+00:00

Update: I got confirmation from Microsoft Support that Azure OpenAI is a Preview and therefore the exclusion clause in the Microsoft Products and Services Data Protection Addendum applies. This means that Azure OpenAI cannot be used with any personal data (GDPR) as the necessary compliance requirements for DPAs are not fulfilled.

Answer 1

Saurabh Sharma 23,851 Microsoft Employee Moderator

Hi @Philipp ,

Thanks for sharing the details. This will help other community members.

Resolution from OP ( @Philipp ) Posting as Answer, to help other find this resolution.

Update: I got confirmation from Microsoft Support that Azure OpenAI is a Preview and therefore the exclusion clause in the Microsoft Products and Services Data Protection Addendum applies. This means that Azure OpenAI cannot be used with any personal data (GDPR) as the necessary compliance requirements for DPAs are not fulfilled.

Please "Accept the answer" to help others in the community.

Thanks

Saurabh

Philipp 5 Reputation points

2023-09-08T09:38:34.6366667+00:00

So the question now is, if it is a Preview and generally this clause applies, is Azure OpenAI a product regarding this clause:

Previews may employ lesser or different privacy and security measures than those typically present in the Products and Services.
Unless otherwise noted, Customer should not use Previews to process Personal Data or other data that is subject to legal or regulatory compliance requirements. For Products, the following terms in this DPA do not apply to Previews: Processing of Personal Data; GDPR, Data Security, and HIPAA Business Associate."
Saurabh Sharma 23,851 Reputation points Microsoft Employee Moderator

2023-09-12T17:29:32.43+00:00

Philipp sorry for delay on this one, but as this is a legal recommendation about the service and so, you need to get confirmation on this with your account manager and can involve local legal teams as required. Thanks for your understanding.

Thanks

Saurabh

Answer 2

Hi there, this is still confusing to me. I read the Azure OpenAI service is GA from january already, but the most recent models always start in preview, what does this say about the Azure OpenAI service as a whole, will the fact that adding models (which will be a regular occurence) will keep the service forever in preview and never GDPR compliant? That sounds strange, because data protection and GDPR compliance is probably one of the key selling points in comparison to employing the models directly from OpenAI. Any updates and maybe a roadmap would be highly appreciated.

Share via

Does Azure OpenAI fall under the DPA

2 answers

Your answer