Update technical-faq.yml #366
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This FAQ addition addresses a common question from Japanese enterprise customers regarding compliance with the Act on the Protection of Personal Information (APPI) in the context of Microsoft Defender for Identity (MDI). Specifically, it clarifies whether end-user consent is required for overseas data transfer when using MDI. Justification and Accuracy: The content has been carefully reviewed against official guidance from Japan’s Personal Information Protection Commission (PPC), particularly Q&A 12-3, as well as legal commentaries. According to the PPC and current legal interpretations, providing personal data to Microsoft as part of using MDI is classified as “outsourcing” rather than a “provision to a third party in a foreign country.” Therefore, explicit end-user consent for cross-border data transfer is not required, as long as the proper contractual and supervisory safeguards are in place. This clarification is important for legal compliance and customer assurance. The FAQ content accurately reflects the current legal requirements and aligns with both Japanese government guidance and Microsoft’s standard contractual obligations.
|
Learn Build status updates of commit a4e9b6c: ✅ Validation status: passed
For more details, please refer to the build report. |
|
The fact has been reviewed by CELA. @Dansimp may I ask review and merge please? |
|
Learn Build status updates of commit b52cc25: ✅ Validation status: passed
For more details, please refer to the build report. |
|
Learn Build status updates of commit 9d7fc09: ✅ Validation status: passed
For more details, please refer to the build report. |
|
@DebLanger may I ask please have a look at and make it publish? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This FAQ addition addresses a common question from Japanese enterprise customers regarding compliance with the Act on the Protection of Personal Information (APPI) in the context of Microsoft Defender for Identity (MDI). Specifically, it clarifies whether end-user consent is required for overseas data transfer when using MDI.
Justification and Accuracy:
The content has been carefully reviewed against official guidance from Japan’s Personal Information Protection Commission (PPC), particularly Q&A 12-3, as well as legal commentaries. According to the PPC and current legal interpretations, providing personal data to Microsoft as part of using MDI is classified as “outsourcing” rather than a “provision to a third party in a foreign country.” Therefore, explicit end-user consent for cross-border data transfer is not required, as long as the proper contractual and supervisory safeguards are in place.
This clarification is important for legal compliance and customer assurance. The FAQ content accurately reflects the current legal requirements and aligns with both Japanese government guidance and Microsoft’s standard contractual obligations.