Customer personal data requests in Azure Digital Twins
To help keep you in control of personal data, this article describes how to identify, export, and delete personal customer data from Azure Digital Twins.
Azure Digital Twins is a developer platform for creating secure digital representations of business environments. It can be used to store information about people and places, and works with Microsoft Entra ID to identify users and administrators with access to the environment. To view, export, and delete personal data that may be referenced in a data subject request, an Azure Digital Twins administrator can use the Azure portal for users and roles, or the Azure Digital Twins REST APIs for digital twins. The Azure portal and REST APIs provide different methods for users to service such data subject requests.
Note
This article provides steps for deleting personal data from the device or service and can be used to support your obligations under the GDPR. For general information about GDPR, see the GDPR section of the Microsoft Trust Center and the GDPR section of the Service Trust portal.
Identify personal data
Azure Digital Twins considers personal data to be data associated with its administrators and users.
Azure Digital Twins stores the Microsoft Entra ID object ID of users with access to the environment. Azure Digital Twins in the Azure portal displays user email addresses, but these email addresses aren't stored within Azure Digital Twins. They're dynamically looked up in Microsoft Entra ID, using the Microsoft Entra object ID.
The digital representations called digital twins in Azure Digital Twins represent entities in real-world environments, and are associated with identifiers. Microsoft maintains no information and has no access to data that would allow identifiers to be correlated to users. Many of the digital twins in Azure Digital Twins don't directly represent personal entities—typical objects represented might be an office meeting room, or a factory floor. However, users may consider some entities to be personally identifiable, and at their discretion may maintain their own asset or inventory tracking methods that tie digital twins to individuals. Azure Digital Twins manages and stores all data associated with digital twins as if it were personal data.
Regional replication
By default, the customer data stored in Azure Digital Twins is replicated to the corresponding geo-paired region for disaster recovery capabilities. For regions with built-in data residency requirements, customer data is always kept within the same region.
For more information about regional replication and disaster recovery in Azure Digital Twins, see Cross region DR.
Export personal data
Azure Digital Twins stores data related to digital twins. Users can retrieve and view this data through the Azure Digital Twins REST APIs, and export this data using copy and paste.
Customer account data, including user roles and role assignments, can be selected, copied, and pasted from the Azure portal.
Delete personal data
Azure Digital Twins administrators can use the Azure portal to delete data related to Azure user accounts. It's also possible to perform delete operations on individual digital twins, using the Azure Digital Twins REST APIs. For more information about the APIs and how to use them, see Azure Digital Twins REST APIs documentation.
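The export and delete steps for a single digital twin can be scripted instead of done by hand; the sketch below is an added example, not code from this article or from Microsoft. It captures the twin and its relationships as JSON, then removes the relationships before the twin, because the service rejects deleting a twin that still has them. It assumes a client exposing the `DigitalTwinsClient` method names from the `azure-digitaltwins-core` Python SDK; `FakeTwinsClient`, `sample_client` and the twin IDs are constructed stand-ins so the block runs offline.

```python
import json
from types import SimpleNamespace

def export_and_erase_twin(client, twin_id):
    """Return a JSON export of one twin and its relationships, then delete it."""
    twin = client.get_digital_twin(twin_id)
    outgoing = list(client.list_relationships(twin_id))
    incoming = list(client.list_incoming_relationships(twin_id))
    export = json.dumps({
        "twin": twin,
        "outgoing": outgoing,
        "incoming": [{"sourceId": r.source_id, "relationshipId": r.relationship_id}
                     for r in incoming],
    }, indent=2, sort_keys=True)
    # The service rejects deleting a twin that still has relationships,
    # so remove outgoing and incoming edges first.
    for rel in outgoing:
        client.delete_relationship(twin_id, rel["$relationshipId"])
    for rel in incoming:
        client.delete_relationship(rel.source_id, rel.relationship_id)
    client.delete_digital_twin(twin_id)
    return export

class FakeTwinsClient:
    """Constructed in-memory stand-in for the SDK client (assumption), offline only."""
    def __init__(self, twins, rels):
        self.twins, self.rels = dict(twins), list(rels)
    def get_digital_twin(self, twin_id):
        return self.twins[twin_id]
    def list_relationships(self, twin_id):
        return [r for r in self.rels if r["$sourceId"] == twin_id]
    def list_incoming_relationships(self, twin_id):
        return [SimpleNamespace(source_id=r["$sourceId"], relationship_id=r["$relationshipId"])
                for r in self.rels if r["$targetId"] == twin_id]
    def delete_relationship(self, twin_id, relationship_id):
        self.rels = [r for r in self.rels
                     if (r["$sourceId"], r["$relationshipId"]) != (twin_id, relationship_id)]
    def delete_digital_twin(self, twin_id):
        if any(twin_id in (r["$sourceId"], r["$targetId"]) for r in self.rels):
            raise RuntimeError("twin still has relationships")
        del self.twins[twin_id]

def sample_client():
    """Constructed sample data: a badge twin linked to a room twin."""
    twins = {"badge-1001": {"$dtId": "badge-1001", "holder": "Example Person"},
             "room-12": {"$dtId": "room-12"}}
    rels = [{"$relationshipId": "r1", "$sourceId": "badge-1001", "$targetId": "room-12"},
            {"$relationshipId": "r2", "$sourceId": "room-12", "$targetId": "badge-1001"}]
    return FakeTwinsClient(twins, rels)
```

Store the returned JSON with the data subject request record before relying on the deletion, since the twin cannot be re-read afterwards.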
Links to more documentation
For a full list of the Azure Digital Twins service APIs, see the Azure Digital Twins REST APIs documentation.