I'd like information about Privacy Shield

AWS customers can already transfer personal data from the EU to the US in a compliant way. The EU-US Privacy Shield aims to enable the compliant transfer of personal data from data controllers in the EU to data controllers (or processors) in the US. AWS offers customers a Data Processing Addendum, including Model Clauses, that was approved in 2015 by the EU data protection authorities, known as the Article 29 Working Party. This Data Processing Addendum enables our customers, when using AWS, to transfer personal data outside the European Economic Area (EEA) to any country, including the US. For this reason, the EU-US Privacy Shield does not affect the way customers use, or work with, AWS. Customers can continue transferring their content from AWS’ EU regions to the US regions with the knowledge that AWS is compliant with EU data protection requirements.

Yes, AWS is certified under the EU-US Privacy Shield. View the certification here.

More details on the obligations for US service providers under the EU-US Privacy Shield can be found on the European Commission website here: http://ec.europa.eu/justice/data-protection/international-transfers/eu-us-privacy-shield/index_en.htm and on the US Department of Commerce website here: https://www.privacyshield.gov/welcome.

AWS offers customers a number of compliance measures they can rely on to comply with European data protection laws. For example, customers are able to rely on the AWS Data Processing Addendum, which includes the Model Clauses as approved by the Article 29 Working Party. The Data Processing Addendum is available to all AWS customers transferring data from the EU to any of the AWS regions around the world, whether in the US or not. The Data Processing Addendum gives customers the assurance that AWS will give customers’ data the same high levels of security, privacy and data protection that it would receive in the EU.

AWS customers have granular control over the data they store in the AWS cloud. AWS also enables a high level of security and maintains certification with robust security standards, such as ISO 27001, SOC 1/2/3 and PCI DSS Level 1. AWS can assist customers directly with teams of Solutions Architects, Account Managers, Consultants, Trainers and other staff in the EU who are expertly trained on cloud security and compliance to assist AWS customers in achieving high levels of security and compliance in the Cloud. AWS also helps customers meet many local security standards; for example, AWS, alongside auditor TÜV TRUST IT, has published a Customer Certification Workbook that provides guidance on achieving German BSI IT Grundschutz compliance in the Cloud.

With our EU-approved Data Processing Addendum, AWS customers can run their global operations using AWS in full compliance with EU law and transfer personal data from an AWS region in the EEA to any other region in the world. This is available to all AWS customers who are processing personal data, whether they are established in Europe or are a global company operating in the EEA. The EU-US Privacy Shield is only intended to cover transfers of personal data from the EU to the US. Once AWS is certified, this particular certification will only be applicable to customers who wish to transfer personal data from the EU to the US.

Customers who already have a signed Data Processing Addendum with AWS can continue to rely on that legal agreement after AWS is certified under the EU-US Privacy Shield. The EU-US Privacy Shield simply gives customers an additional compliance mechanism to rely on that specifically applies to transfers of personal data from the EU to the US. The AWS Data Processing Addendum gives customers that are transferring data from the EEA to any AWS region around the world (whether in the US or not) assurance that AWS will give their content the same high levels of security, privacy control, and data protection that it would receive in the EU. The same will be true when transferring personal data from the EU to the US under the EU-US Privacy Shield.

No. The EU-US Privacy Shield only covers customers transferring personal data from the EU to the US. The AWS Data Processing Addendum with Model Clauses covers customers transferring personal data from the EEA to any of the AWS regions around the world, including the US.

The EU-US Privacy Shield simply covers transfers of personal data from the EU to the US. Once AWS is certified, this will provide a further basis for AWS customers to transfer personal data from an AWS region in the EEA to one in the US.

AWS already offers customers a Data Processing Addendum, including Model Clauses. This was approved in 2015 by the EU data protection authorities, known as the Article 29 Working Party, and it allows customers to transfer personal data from an AWS region in the EEA to one outside the EEA in full compliance with EU data protection law. The EU-US Privacy Shield is not relevant for customers that are not transferring personal data from AWS’ EU regions to the US. With AWS, customers determine which infrastructure region their personal data will be stored in, knowing it will not be moved without their doing so. This allows customers to deploy AWS services in the locations of their choice, in accordance with their specific geographic requirements, including in established AWS regions in Dublin, London and Frankfurt.

There is nothing customers need to do once they enter into the AWS Data Processing Addendum. Provided the customer complies with its own obligations as data controller or data processor, the AWS Data Processing Addendum will cover transfers of personal data by the customer from any AWS region in the EEA to one outside the EEA.

Once AWS has been certified, customers wishing to contact AWS to ask questions or discuss the EU-US Privacy Shield can get in touch with a member of our team at privacyshield@amazon.com.

The Brexit announcement does not currently affect the EU-US Privacy Shield.


 
