Data Protection in Germany
Data protection is a top priority at AWS. We provide services for hundreds of thousands of organizations, including enterprises, educational institutions, and government agencies in over 190 countries. Our customers, who entrust us with some of their most sensitive information, include financial service providers and healthcare providers.
AWS is designed so that customers can control where and how their content is stored and who has access to it.
Customers Maintain Control of their Content Upon Creation and Across Every AWS Service
Using the following options, AWS customers control content throughout its lifecycle, including content classification, access control, retention, and deletion:
• Define where the content is located, for example the type and geographic location of storage.
• Define the format of the content, for example: plain text, masked, anonymized, or encrypted.
• Use further access controls such as identity and access management and security credentials.
AWS and "Standard Contractual Clauses"
Standard Contractual Clauses are a set of standard provisions defined and approved by the European Commission that can be used to enable personal data to be transferred in a compliant way by a data controller to a data processor outside the European Economic Area.
Customer Control Over Personal Information
The AWS Privacy Notice describes how we collect and use personal data that customers provide us in connection with the AWS website or marketing activities and products and services from AWS and its affiliated companies (e.g., the personal data that customers enter into our system when opening their AWS account). The Privacy Notice applies to this personal data but not to content that our customers store in our systems. AWS Services are designed so that customers have control over their content, including where and how their content is stored and who has access to it. Further information on how customers can use AWS in accordance with EU data protection requirements can be found in our EU Data Protection Whitepaper.
Does the AWS Data Processing Agreement apply the Standard Contractual Clauses?
The Article 29 Working Party has confirmed that the AWS Data Processing Agreement meets the requirements of the Directive with respect to the Standard Contractual Clauses. This means that the AWS Data Processing Agreement is not an "ad-hoc contract."
The Luxembourg Data Protection Authority (CPND) acted as the lead authority on behalf of the Article 29 Working Party in accordance with the procedures of the Article 29 Working Party.
Click here for more information on how customers can enter into the AWS Data Protection Agreement (login required).