I'm developing a bot application in which I'm using face api and vision api. The app is streaming pictures to those apis. According to GDPR I will need consent from the user(s) of the app to send those pictures to the api. But GDPR also states that you are able to withdraw your consent, so my question is: if I have a user who has given consent, used the app and then says: "I changed my mind". Can I then guarantee that all personal information (pictures) of that person has been deleted? I'm not using personIds or personGrops or anything like that. The Face api documentation says:
Microsoft will receive the images, audio, video, and other data that you upload (via this app) and may use them for service improvement purpose
According to this it's not really clear what becomes of the actual pictures. I'm grateful for any input on this.
Since spring 2018 Microsoft updated their Online Service Terms to align the Cognitive Services with the rest of Azure services. Meaning: They do not store or use customer data:
Under the new terms, Cognitive Services customers own, and can manage and delete their customer data. With this change, many Cognitive Services are now aligned with the same terms that apply to other Azure services.
Source: https://azure.microsoft.com/en-us/blog/microsoft-updates-cognitive-services-terms/
But you are right, many sources on the web still refer to the old terms.