Update technical-faq.yml#366
Conversation
This FAQ addition addresses a common question from Japanese enterprise customers regarding compliance with the Act on the Protection of Personal Information (APPI) in the context of Microsoft Defender for Identity (MDI). Specifically, it clarifies whether end-user consent is required for overseas data transfer when using MDI. Justification and Accuracy: The content has been carefully reviewed against official guidance from Japan’s Personal Information Protection Commission (PPC), particularly Q&A 12-3, as well as legal commentaries. According to the PPC and current legal interpretations, providing personal data to Microsoft as part of using MDI is classified as “outsourcing” rather than a “provision to a third party in a foreign country.” Therefore, explicit end-user consent for cross-border data transfer is not required, as long as the proper contractual and supervisory safeguards are in place. This clarification is important for legal compliance and customer assurance. The FAQ content accurately reflects the current legal requirements and aligns with both Japanese government guidance and Microsoft’s standard contractual obligations.
|
Learn Build status updates of commit a4e9b6c: ✅ Validation status: passed
For more details, please refer to the build report. |
|
The fact has been reviewed by CELA. @Dansimp may I ask review and merge please? |
|
Learn Build status updates of commit b52cc25: ✅ Validation status: passed
For more details, please refer to the build report. |
|
Learn Build status updates of commit 9d7fc09: ✅ Validation status: passed
For more details, please refer to the build report. |
|
@DebLanger may I ask please have a look at and make it publish? |
|
@akirayuppie : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
|
@akirayuppie : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
|
Learn Build status updates of commit 597f1b0: ✅ Validation status: passed
For more details, please refer to the build report. |
PRMerger Results
|
|
Could you review the proposed changes? IMPORTANT: When the changes are ready for publication, adding an approval and a #label:"aq-pr-triaged" |
|
@akirayuppie : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
There was a problem hiding this comment.
Pull request overview
This PR adds a new entry to the Microsoft Defender for Identity technical FAQ to address a Japan-specific APPI compliance question about whether end-user consent is required for cross-border data transfer when using MDI.
Changes:
- Added a new “Licensing and privacy” FAQ Q&A covering APPI overseas transfer consent considerations for MDI.
| - question: When using Microsoft Defender for Identity (MDI), is end-user consent required for overseas data transfer under Japan’s Act on the Protection of Personal Information (APPI)? | ||
| answer: | | ||
| No, end-user consent is not required. Providing personal data to MDI constitutes “outsourcing” rather than a “provision to a third party in a foreign country” under the APPI. Therefore, explicit end-user consent for cross-border data transfer is not necessary. |
This FAQ addition addresses a common question from Japanese enterprise customers regarding compliance with the Act on the Protection of Personal Information (APPI) in the context of Microsoft Defender for Identity (MDI). Specifically, it clarifies whether end-user consent is required for overseas data transfer when using MDI.
Justification and Accuracy:
The content has been carefully reviewed against official guidance from Japan’s Personal Information Protection Commission (PPC), particularly Q&A 12-3, as well as legal commentaries. According to the PPC and current legal interpretations, providing personal data to Microsoft as part of using MDI is classified as “outsourcing” rather than a “provision to a third party in a foreign country.” Therefore, explicit end-user consent for cross-border data transfer is not required, as long as the proper contractual and supervisory safeguards are in place.
This clarification is important for legal compliance and customer assurance. The FAQ content accurately reflects the current legal requirements and aligns with both Japanese government guidance and Microsoft’s standard contractual obligations.