EU-US Privacy Shield
How does the July 2020 European Union Court of Justice ruling affect key data transfer mechanisms under the EU-US Privacy Shield?
At AWS, our highest priority is securing our customers’ data, and we implement rigorous technical and organizational measures to protect its confidentiality, integrity, and availability regardless of which AWS Region a customer has selected. Additionally, we have industry-leading encryption services that give our customers a range of options to encrypt data in transit and at rest. Since the Court of Justice of the European Union has validated the use of Standard Contractual Clauses (SCCs) as a mechanism for transferring data outside the European Union, our customers can continue to rely on the SCCs included in the AWS GDPR Data Processing Addendum if they choose to transfer their data outside the European Union in compliance with GDPR. The AWS GDPR Data Processing Addendum with Standard Contractual Clauses is part of the AWS Service Terms and is available automatically for all customers transferring personal data from the EU to any of the AWS Regions around the world, including in the US.
How can I use AWS and comply with current EU Data Protection laws?
AWS offers customers a number of compliance measures they can rely on to comply with European data protection laws. For example, customers are able to rely on the AWS GDPR Data Processing Addendum, which includes the Standard Contractual Clauses. The Data Processing Addendum is available to all AWS customers transferring data from the EU to any of the AWS Regions around the world, whether in the US or not. The Data Processing Addendum gives customers the assurance that AWS will give customers’ data the same high levels of security, privacy and data protection that it would receive in the EU.
AWS customers have granular control over the data they store in the AWS cloud. AWS also enables a high level of security and maintains certification with robust security standards, such as ISO 27001, SOC 1/2/3 and PCI DSS Level 1. AWS can assist customers directly with teams of Solutions Architects, Account Managers, Consultants, Trainers and other staff in the EU who are expertly trained on cloud security and compliance to assist AWS customers in achieving high levels of security and compliance in the Cloud. AWS also helps customers meet many local security standards. For more information, visit AWS Compliance Programs.
Is AWS certified under the EU-US Privacy Shield?
Yes, AWS is certified under the EU-US Privacy Shield. You can view AWS’s certification here. Although the Court of Justice of the European Union issued a judgment in July 2020 declaring as invalid European Commission Decision 2016/1250 (on the adequacy of the protection provided by the EU-US Privacy Shield), this decision does not relieve participants in the EU-US Privacy Shield of their obligations under the framework.
Where can I find more information about the EU-US Privacy Shield?
More details on the obligations for US service providers under the EU-US Privacy Shield can be found on the European Commission site and on the US Department of Commerce site.
How do I lodge a complaint with AWS about how my personal data has been handled under the EU-US Privacy Shield?
Customers wishing to contact AWS with any inquiries or complaints about our handling of their personal data under the EU-US Privacy Shield can contact us at firstname.lastname@example.org.