EU Data Protection Directive

Overview

EUAWSLogo

The EU Data Protection Directive (also known as Directive 95/46/EC) is a regulation that covers the processing of personal data and on the free movement of such data. Broadly, this Directive sets out a number of data protection requirements which apply when personal data is being processed.

The General Data Protection Regulation, adopted in April 2016, will supersede the Data Protection Directive and will be enforceable starting on 25 May 2018.

  • Does AWS offer a Data Processing Addendum (DPA)?

    Yes. For more information on how customers can enter into the AWS Data Processing Addendum, please visit here (sign-in required).

  • Does the AWS Data Processing Addendum contain the Model Clauses?

    The Article 29 Working Party has approved the AWS Data Processing Addendum, which includes the Model Clauses. The Article 29 Working Party has found that the AWS Data Processing Addendum meets the requirements of the Directive with respect to Model Clauses. This means that the AWS Data Processing Addendum is not considered “ad hoc”. For more detail on the approval of the AWS Data Processing Addendum from the Article 29 Working Party, please visit https://cnpd.public.lu/en/actualites/international/2015/03/AWS.html

    The Luxembourg Data Protection Authority (the CNPD) acted as the lead authority on behalf of the Article 29 Working Party in accordance with procedure of the Article 29 Working Party.

    For more information on how customers can enter into the AWS Data Processing Addendum, please visit here (sign-in required).

  • What does this mean for customers?

    AWS customers that collect and store personal information in the Cloud are Data Controllers in the sense of Directive 95/46/EC.

    More information can be found about the role of the customer and AWS in the section “Data Protection in the EU The Directive” in the AWS "Whitepaper on EU Data Protection".

  • What are the “Model Clauses”?

    The Standard Contractual Clauses (also known as "model clauses") are a set of standard provisions defined and approved by the European Commission that can be used to enable personal data to be transferred in a compliant way by a data controller to a data processor outside the European Economic Area.

  • What is the Article 29 Working Party?

    The Article 29 Working Party was set up under the EU Data Protection Directive of the European Parliament and of the Council. It is made up of representatives from the data protection authorities of all the EU Member States as well as from the European Commission. The Article 29 Working Party works to harmonise the application of data protection rules throughout the EU and also advises the EU Commission on the adequacy of data protection standards in non-EU countries.

  • Now that the EU-U.S. Safe Harbour program has been ruled invalid, can customers still use AWS and comply with EU law?

    Security of our customers' data is our number one priority, and AWS has already obtained approval from EU data protection authorities, known as the Article 29 Working Party, of the AWS Data Processing Addendum and Model Clauses to enable transfer of data outside Europe, including to the U.S. With our EU-approved Data Processing Addendum and Model Clauses, AWS customers can continue to run their global operations using AWS in full compliance with EU law. The AWS Data Processing Addendum is available to all AWS customers that are processing personal data whether they are established in Europe or a global company operating in the European Economic Area.

    For more information on how customers can enter into the AWS Data Processing Addendum, please visit here (sign-in required).

  • Is AWS certified under the EU-US Privacy Shield?

    Yes. Amazon.com, Inc. is certified under the EU-US Privacy Shield and AWS is covered under this certification. This helps customers who choose to transfer personal data to the US to meet their data protection obligations. Amazon.com Inc’s certification can be found on the EU-US Privacy Shield website here: https://www.privacyshield.gov/list

    To learn more about this topic in the context of AWS, visit our EU-US Privacy Shield page.

compliance-contactus-icon
Have Questions? Connect with an AWS Compliance Representative
Exploring compliance roles?
Apply today »
Want AWS Compliance updates?
Follow us on Twitter »