AWS Security Blog

Customer Update—AWS and EU Safe Harbor

by Stephen Schmidt | on | in Announcements, Compliance | | Comments

Recently, the European Court of Justice determined that the 15-year-old US-EU Safe Harbor framework is no longer valid for the transfer of personal data from the European Economic Area (EEA) to the US.

At AWS, we know customers care deeply about privacy and data security; we optimize our work to get these issues right for our customers around the world. Today, we’d like to confirm for customers and partners that they can continue to use AWS to transfer their customer content from the EEA to the US, without altering workloads, and in compliance with EU law. This is possible because AWS has already obtained approval from EU data protection authorities (known as the Article 29 Working Party) of the AWS Data Processing Addendum and Model Clauses to enable transfer of personal data outside Europe, including to the US with our EU-approved Data Processing Addendum and Model Clauses. AWS customers can continue to run their global operations using AWS in full compliance with the EU Data Protection Directive (Directive 95/46/EC). The AWS Data Processing Addendum is available to all AWS customers who are processing personal data whether they are established in Europe or a global company operating in the EEA. For additional information, please visit AWS EU Data Protection FAQ.

For customers not looking to transfer personal data out of the EEA, we continue to give them all of the security, privacy, and control they have always had with AWS, such as:

  • Customers maintain ownership of their customer content and select which AWS services process, store, and host their customer content.
  • Customers determine where their customer content will be stored, allowing them to deploy AWS services in the locations of their choice, in accordance with their specific geographic requirements, including in established AWS regions in Dublin and Frankfurt.
  • Customers choose the secured state of their customer content in transit or at rest, and we provide customers with the option to manage their own encryption keys.

For additional information, please visit AWS Privacy and Data Security FAQ.

At AWS, customer trust is our top priority, and we will continue to work vigilantly to ensure that our customers are able to continue to enjoy the benefits of AWS securely, compliantly, and without disruption.

– Steve