Does Azure OpenAI fall under the DPA

Philipp 5 Reputation points
2023-09-07T17:29:27.46+00:00

Does Azure OpenAI fall under the Microsoft DPA (Microsoft Products and Services Data Protection Addendum)? The DPA clearly excludes Previews from the DPA, but Azure OpenAI is classed as a Limited Access Version in the legal documents. So I am not clear whether the DPA applies to it or it is excluded because it is a Preview.

DPA:

"Previews may employ lesser or different privacy and security measures than those typically present in the Products and Services. Unless otherwise noted, Customer should not use Previews to process Personal Data or other data that is subject to legal or regulatory compliance requirements. For Products, the following terms in this DPA do not apply to Previews: Processing of Personal Data; GDPR, Data Security, and HIPAA Business Associate."

If the DPA (or parts of it) do not apply because it is a Preview, then this would cause significant compliance risk.

Thank you for your help in advance.

Azure OpenAI Service
Azure OpenAI Service
An Azure service that provides access to OpenAI’s GPT-3 models with enterprise capabilities.
4,092 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Saurabh Sharma 23,851 Reputation points Microsoft Employee Moderator
    2023-09-07T21:34:16.2766667+00:00

    Hi @Philipp ,

    Thanks for sharing the details. This will help other community members.

    Resolution from OP ( @Philipp ) Posting as Answer, to help other find this resolution.

    Update: I got confirmation from Microsoft Support that Azure OpenAI is a Preview and therefore the exclusion clause in the Microsoft Products and Services Data Protection Addendum applies. This means that Azure OpenAI cannot be used with any personal data (GDPR) as the necessary compliance requirements for DPAs are not fulfilled.

    Please "Accept the answer" to help others in the community.

    Thanks

    Saurabh


  2. Alfons Looman 0 Reputation points
    2023-11-11T12:52:57.76+00:00

    Hi there, this is still confusing to me. I read the Azure OpenAI service is GA from january already, but the most recent models always start in preview, what does this say about the Azure OpenAI service as a whole, will the fact that adding models (which will be a regular occurence) will keep the service forever in preview and never GDPR compliant? That sounds strange, because data protection and GDPR compliance is probably one of the key selling points in comparison to employing the models directly from OpenAI. Any updates and maybe a roadmap would be highly appreciated.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.