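Privacy Features of AWS Services
AWS takes your privacy seriously, and we provide the most flexible and secure cloud computing environment available today. With AWS, you own your data, control where it is located, and govern who has access to it. We are transparent about how AWS services process the personal data you upload to your AWS account (customer data), and we provide features that let you encrypt, delete, and monitor the processing of your customer data.
When you use AWS services, you can be confident that your customer data stays in the AWS Region you select. A small number of AWS services involve the transfer of customer data, either to develop and improve those services, in which case you can opt out of the transfer, or because the transfer is an essential part of the service (such as a content delivery service). We prohibit, and our systems are designed to prevent, remote access by AWS personnel to customer data for any purpose, including service maintenance, unless you request the access, or unless the access is needed to prevent fraud and abuse or to comply with law. You can learn more about how AWS designs its systems to prevent unauthorized access to customer data by AWS personnel on our operator access on AWS web page.
Below we provide an overview of the key privacy features of AWS services, which you can use in carrying out your data transfer assessments in line with the Schrems II ruling of the Court of Justice of the European Union and the European Data Protection Board's Recommendations 01/2020 on measures that supplement transfer tools. For more information, see our whitepaper on Navigating GDPR Compliance on AWS.
See the AWS security documentation for more information on how the following AWS services enable customers to encrypt, delete, and monitor the processing of their customer data.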
| AWS service | Customer can encrypt | Customer can delete | Customer can monitor processing | No remote access* |
|---|---|---|---|---|
| Amazon API Gateway | ✓ | ✓ | ✓ | ✓ |
| Amazon AppFlow | ✓ | ✓ | ✓ | ✓ |
| Amazon AppStream 2.0 | ✓ | ✓ | ✓ | ✓ |
| Amazon AppStream 2.0 User Pools | ✓ | ✓ | ✓ | ✓ |
| Amazon Athena | ✓ | ✓ | ✓ | ✓ |
| Amazon Augmented AI (A2I) | ✓ | ✓ | ✓ | ✓ |
| Amazon Aurora | ✓ | ✓ | ✓ | ✓ |
| Amazon Bedrock¹ | ✓ | ✓ | ✓ | ✓ |
| Amazon Braket | ✓ | ✓ | ✓ | ✓ |
| Amazon Chime | ✓ | ✓ | ✓ | ✓ |
| Amazon Cloud Directory | ✓ | ✓ | ✓ | ✓ |
| Amazon CloudFront | ✓ | ✓ | ✓ | ✓ |
| Amazon CloudWatch | ✓ | ✓ | ✓ | ✓ |
| Amazon CloudWatch Logs | ✓ | ✓ | ✓ | ✓ |
| Amazon CodeGuru Profiler | ✓ | ✓ | ✓ | ✓ |
| Amazon CodeGuru Reviewer | ✓ | ✓ | ✓ | ✓ |
| Amazon Cognito | ✓ | ✓ | ✓ | ✓ |
| Amazon Comprehend | ✓ | ✓ | ✓ | ✓ |
| Amazon Connect² | ✓ | ✓ | ✓ | ✓ |
| Amazon Detective | ✓ | ✓ | ✓ | ✓ |
| Amazon DocumentDB (with MongoDB compatibility) | ✓ | ✓ | ✓ | ✓ |
| Amazon DynamoDB | ✓ | ✓ | ✓ | ✓ |
| Amazon Elastic Block Store (Amazon EBS) | ✓ | ✓ | ✓ | ✓ |
| Amazon Elastic Compute Cloud (Amazon EC2) | ✓ | ✓ | ✓ | ✓ |
| Amazon Elastic Container Registry (Amazon ECR) | ✓ | ✓ | ✓ | ✓ |
| Amazon Elastic Container Service (Amazon ECS) | ✓ | ✓ | ✓ | ✓ |
| Amazon Elastic File System (Amazon EFS) | ✓ | ✓ | ✓ | ✓ |
| Amazon Elastic Kubernetes Service (Amazon EKS) | ✓ | ✓ | ✓ | ✓ |
| Amazon ElastiCache for Memcached³ | ✓² | ✓ | ✓ | ✓ |
| Amazon ElastiCache for Redis | ✓ | ✓ | ✓ | ✓ |
| Amazon EMR | ✓ | ✓ | ✓ | ✓ |
| Amazon EventBridge | ✓ | ✓ | ✓ | ✓ |
| Amazon Forecast | ✓ | ✓ | ✓ | ✓ |
| Amazon Fraud Detector | ✓ | ✓ | ✓ | ✓ |
| Amazon FSx for Lustre | ✓ | ✓ | ✓ | ✓ |
| Amazon FSx for ONTAP | ✓ | ✓ | ✓ | ✓ |
| Amazon FSx for OpenZFS | ✓ | ✓ | ✓ | ✓ |
| Amazon FSx for Windows File Server | ✓ | ✓ | ✓ | ✓ |
| Amazon GameLift | ✓ | ✓ | ✓ | ✓ |
| Amazon GuardDuty | ✓ | ✓ | ✓ | ✓ |
| Amazon HealthLake | ✓ | ✓ | ✓ | ✓ |
| Amazon Inspector | ✓ | ✓ | ✓ | ✓ |
| Amazon Inspector Classic | ✓ | ✓ | ✓ | ✓ |
| Amazon Interactive Video Service (IVS) | ✓ | ✓ | ✓ | ✓ |
| Amazon Kendra | ✓ | ✓ | ✓ | ✓ |
| Amazon Keyspaces | ✓ | ✓ | ✓ | ✓ |
| Amazon Managed Service for Apache Flink for Java Applications | ✓ | ✓ | ✓ | ✓ |
| Amazon Managed Service for Apache Flink for SQL Applications | ✓ | ✓ | ✓ | ✓ |
| Amazon Kinesis Data Firehose | ✓ | ✓ | ✓ | ✓ |
| Amazon Kinesis Data Streams | ✓ | ✓ | ✓ | ✓ |
| Amazon Kinesis Video Streams | ✓ | ✓ | ✓ | ✓ |
| Amazon Lex | ✓ | ✓ | ✓ | ✓ |
| Amazon Lightsail | ✓ | ✓ | ✓ | ✓ |
| Amazon Location Service | ✓ | ✓ | ✓ | ✓ |
| Amazon Macie | ✓ | ✓ | ✓ | ✓ |
| Amazon Managed Blockchain (AMB) | ✓ | ✓ | ✓ | ✓ |
| Amazon Managed Service for Grafana (AMG) | ✓ | ✓ | ✓ | ✓ |
| Amazon Managed Service for Prometheus (AMP) | ✓ | ✓ | ✓ | ✓ |
| Amazon Managed Streaming for Kafka (MSK) | ✓ | ✓ | ✓ | ✓ |
| Amazon Managed Workflows for Apache Airflow (MWAA) | ✓ | ✓ | ✓ | ✓ |
| Amazon MemoryDB for Redis | ✓ | ✓ | ✓ | ✓ |
| Amazon MQ | ✓ | ✓ | ✓ | ✓ |
| Amazon Neptune | ✓ | ✓ | ✓ | ✓ |
| Amazon OpenSearch Service | ✓ | ✓ | ✓ | ✓ |
| Amazon Personalize | ✓ | ✓ | ✓ | ✓ |
| Amazon Pinpoint | ✓ | ✓ | ✓ | ✓ |
| Amazon Polly | ✓ | ✓ | ✓ | ✓ |
| Amazon Q Business | ✓ | ✓ | ✓ | ✓ |
| Amazon Q Developer | ✓ | ✓ | ✓ | ✓ |
| Amazon QuickSight² | ✓ | ✓ | ✓ | ✓ |
| Amazon Redshift | ✓ | ✓ | ✓ | ✓ |
| Amazon Rekognition | ✓ | ✓ | ✓ | ✓ |
| Amazon Relational Database Service (Amazon RDS) | ✓ | ✓ | ✓ | ✓ |
| Amazon SageMaker | ✓ | ✓ | ✓ | ✓ |
| Amazon Simple Email Service (Amazon SES) | ✓ | ✓ | ✓ | ✓ |
| Amazon Simple Notification Service (Amazon SNS) | ✓ | ✓ | ✓ | ✓ |
| Amazon Simple Queue Service (Amazon SQS) | ✓ | ✓ | ✓ | ✓ |
| Amazon Simple Storage Service (Amazon S3) | ✓ | ✓ | ✓ | ✓ |
| Amazon Simple Storage Service Glacier | ✓ | ✓ | ✓ | ✓ |
| Amazon Simple Workflow Service (Amazon SWF) | ✓ | ✓ | ✓ | ✓ |
| Amazon Textract | ✓ | ✓ | ✓ | ✓ |
| Amazon Timestream | ✓ | ✓ | ✓ | ✓ |
| Amazon Transcribe | ✓ | ✓ | ✓ | ✓ |
| Amazon Translate | ✓ | ✓ | ✓ | ✓ |
| Amazon Virtual Private Cloud (Amazon VPC) | ✓ | ✓ | ✓ | ✓ |
| Amazon WorkDocs | ✓ | ✓ | ✓ | ✓ |
| Amazon WorkLink | ✓ | ✓ | ✓ | ✓ |
| Amazon WorkMail | ✓ | ✓ | ✓ | ✓ |
| Amazon WorkSpaces | ✓ | ✓ | ✓ | ✓ |
| Amazon WorkSpaces Application Manager (Amazon WAM) | ✓ | ✓ | ✓ | ✓ |
| AWS Amplify | ✓ | ✓ | ✓ | ✓ |
| AWS App Mesh | ✓ | ✓ | ✓ | ✓ |
| AWS App Runner | ✓ | ✓ | ✓ | ✓ |
| AWS Application Discovery Service | ✓ | ✓ | ✓ | ✓ |
| AWS Application Migration Service | ✓ | ✓ | ✓ | ✓ |
| AWS AppSync | ✓ | ✓ | ✓ | ✓ |
| AWS Audit Manager | ✓ | ✓ | ✓ | ✓ |
| AWS Backup | ✓ | ✓ | ✓ | ✓ |
| AWS Certificate Manager (ACM) | ✓ | ✓ | ✓ | ✓ |
| AWS Clean Rooms | ✓ | ✓ | ✓ | ✓ |
| AWS Cloud9 | ✓ | ✓ | ✓ | ✓ |
| AWS CloudFormation | ✓ | ✓ | ✓ | ✓ |
| AWS CloudHSM | ✓ | ✓ | ✓ | ✓ |
| AWS CloudShell | ✓ | ✓ | ✓ | ✓ |
| AWS CloudTrail | ✓ | ✓ | ✓ | ✓ |
| AWS CodeArtifact | ✓ | ✓ | ✓ | ✓ |
| AWS CodeBuild | ✓ | ✓ | ✓ | ✓ |
| AWS CodeCommit | ✓ | ✓ | ✓ | ✓ |
| AWS CodeDeploy | ✓ | ✓ | ✓ | ✓ |
| AWS CodePipeline | ✓ | ✓ | ✓ | ✓ |
| AWS CodeStar | ✓ | ✓ | ✓ | ✓ |
| AWS Config | ✓ | ✓ | ✓ | ✓ |
| AWS Control Tower | ✓ | ✓ | ✓ | ✓ |
| AWS Database Migration Service (AWS DMS) | ✓ | ✓ | ✓ | ✓ |
| AWS Data Exchange | ✓ | ✓ | ✓ | ✓ |
| AWS DataSync | ✓ | ✓ | ✓ | ✓ |
| AWS Device Farm | ✓ | ✓ | ✓ | ✓ |
| AWS DevOps Agent | ✓ | ✓ | ✓ | ✓ |
| AWS Direct Connect | ✓ | ✓ | ✓ | ✓ |
| AWS Directory Service | ✓ | ✓ | ✓ | ✓ |
| AWS Elastic Beanstalk | ✓ | ✓ | ✓ | ✓ |
| AWS Elastic Disaster Recovery | ✓ | ✓ | ✓ | ✓ |
| AWS Elastic Transcoder | ✓ | ✓ | ✓ | ✓ |
| AWS Elemental MediaConnect | ✓ | ✓ | ✓ | ✓ |
| AWS Elemental MediaConvert | ✓ | ✓ | ✓ | ✓ |
| AWS Elemental MediaLive | ✓ | ✓ | ✓ | ✓ |
| AWS Elemental MediaPackage | ✓ | ✓ | ✓ | ✓ |
| AWS Elemental MediaStore | ✓ | ✓ | ✓ | ✓ |
| AWS Entity Resolution | ✓ | ✓ | ✓ | ✓ |
| AWS Fargate | ✓ | ✓ | ✓ | ✓ |
| AWS Firewall Manager | ✓ | ✓ | ✓ | ✓ |
| AWS Global Accelerator | ✓ | ✓ | ✓ | ✓ |
| AWS Glue | ✓ | ✓ | ✓ | ✓ |
| AWS Glue DataBrew | ✓ | ✓ | ✓ | ✓ |
| AWS IAM Identity Center | ✓ | ✓ | ✓ | ✓ |
| AWS IoT Analytics | ✓ | ✓ | ✓ | ✓ |
| AWS IoT Core | ✓ | ✓ | ✓ | ✓ |
| AWS IoT Device Management | ✓ | ✓ | ✓ | ✓ |
| AWS IoT Events | ✓ | ✓ | ✓ | ✓ |
| AWS IoT Greengrass V1 | ✓ | ✓ | ✓ | ✓ |
| AWS IoT Greengrass V2 | ✓ | ✓ | ✓ | ✓ |
| AWS IoT SiteWise | ✓ | ✓ | ✓ | ✓ |
| AWS IoT Things Graph | ✓ | ✓ | ✓ | ✓ |
| AWS IQ | ✓ | ✓ | ✓ | ✓ |
| AWS Key Management Service (KMS) | ✓ | ✓ | ✓ | ✓ |
| AWS Lake Formation | ✓ | ✓ | ✓ | ✓ |
| AWS Lambda | ✓ | ✓ | ✓ | ✓ |
| AWS License Manager | ✓ | ✓ | ✓ | ✓ |
| AWS Migration Hub | ✓ | ✓ | ✓ | ✓ |
| AWS Outposts | ✓ | ✓ | ✓ | ✓ |
| AWS Security Agent | ✓ | ✓ | ✓ | ✓ |
| AWS Secrets Manager | ✓ | ✓ | ✓ | ✓ |
| AWS Security Hub CSPM | ✓ | ✓ | ✓ | ✓ |
| AWS Security Hub | ✓ | ✓ | ✓ | ✓ |
| AWS Serverless Application Repository | ✓ | ✓ | ✓ | ✓ |
| AWS Service Catalog | ✓ | ✓ | ✓ | ✓ |
| AWS Snowball Edge | ✓ | ✓ | ✓ | ✓ |
| AWS Snowcone | ✓ | ✓ | ✓ | ✓ |
| AWS Snowmobile | ✓ | ✓ | ✓ | ✓ |
| AWS Step Functions | ✓ | ✓ | ✓ | ✓ |
| AWS Storage Gateway for FSx File Gateway | ✓ | ✓ | ✓ | ✓ |
| AWS Storage Gateway for S3 File Gateway | ✓ | ✓ | ✓ | ✓ |
| AWS Storage Gateway for Tape Gateway | ✓ | ✓ | ✓ | ✓ |
| AWS Storage Gateway for Volume Gateway | ✓ | ✓ | ✓ | ✓ |
| AWS Supply Chain² | ✓ | ✓ | ✓ | ✓ |
| AWS Systems Manager | ✓ | ✓ | ✓ | ✓ |
| AWS Transfer Family | ✓ | ✓ | ✓ | ✓ |
| AWS Transform | ✓ | ✓ | ✓ | ✓ |
| AWS WAF | ✓ | ✓ | ✓ | ✓ |
| AWS X-Ray | ✓ | ✓ | ✓ | ✓ |
| CloudEndure Disaster Recovery (an AWS company) | ✓ | ✓ | ✓ | ✓ |
| CloudEndure Migration (an AWS company) | ✓ | ✓ | ✓ | ✓ |
| FreeRTOS | ✓ | ✓ | ✓ | ✓ |
| Kiro | ✓ | ✓ | ✓ | ✓ |
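* Unless the access is requested by you, is needed to prevent fraud and abuse, or is needed to comply with law.
¹ Processing takes place with the foundation model (FM) that you select.
² For information about Amazon Q, see the applicable service documentation.
³ Amazon ElastiCache for Memcached supports encryption in transit. By design, Memcached does not provide persistent disk storage and keeps data in memory only for as long as the customer's application requires. ElastiCache also supports memory encryption when Graviton instances of the r6g and m6g family types are selected. All AWS services that store data offer encryption.
Transfers of Customer Data
For a small number of services, transferring data out of your selected AWS Region is an essential function of the service. For example, if you choose to send messages to recipients through Amazon Simple Notification Service, the content of those messages is transferred to wherever the recipients are located. See the list of such AWS services below.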
- Amazon AppStream 2.0 User Pools
- Amazon Chime
- Amazon CloudFront
- Amazon Cognito*
- AWS IAM Identity Center**
- Amazon Interactive Video Service (IVS)
- Amazon Location Service
- AWS End User Messaging (formerly Amazon Pinpoint)
- Amazon Simple Email Service
- Amazon Simple Notification Service
- Amazon WorkMail
- AWS Elemental MediaConnect
- AWS IoT Core***
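* In some cases, Amazon Cognito uses Amazon Simple Email Service (Amazon SES) to send email to users and Amazon Simple Notification Service (Amazon SNS) to send SMS messages to users. If Amazon SES is not available in the Region, Amazon Cognito calls an Amazon SES endpoint in a different AWS Region. You can find more information here. Similarly, if Amazon SNS is not available in the Region, Amazon Cognito calls an Amazon SNS endpoint in a different AWS Region. You can find more information here.
** In some cases, AWS IAM Identity Center uses Amazon Simple Email Service (Amazon SES) to send email to users. If Amazon SES is not available in the Region, IAM Identity Center calls an Amazon SES endpoint in a different AWS Region. You can find more information here.
*** When you use the IoT Core for Amazon Sidewalk feature, or enable the device location feature powered by HERE.
In addition, some of our services use cross-region inference to improve performance or for other technical reasons, such as helping customers scale their generative AI workloads. See here for more information on the services that use cross-region inference and on the AWS documentation.
Some AWS services may involve the transfer of customer data to develop and improve those services. You can opt out of such transfers by using the opt-out mechanisms described in the applicable Service Terms or AWS documentation.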
- Amazon CodeGuru Profiler
- Amazon Comprehend
- Amazon Connect*
- Amazon Fraud Detector
- Amazon GuardDuty**
- Amazon Lex
- Amazon Polly
- Amazon Q Developer Free Tier
- Amazon Rekognition
- Amazon SageMaker Data Agent
- Amazon Textract
- Amazon Transcribe
- Amazon Translate
- AWS Entity Resolution
- AWS Security Hub
- AWS Supply Chain
- AWS Transform
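- Kiro Free Tier / individual subscribers
* This covers, for example: Contact Lens for Amazon Connect, Amazon Connect Customer Profiles, Amazon Connect Outbound Campaigns, Amazon Q in Connect, and Amazon Connect forecasting, capacity planning, and scheduling. See Service Terms 54.7.
** This AWS service transfers data if you have enabled the new Amazon GuardDuty Malware Protection feature.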
AWS European Sovereign Cloud
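For the AWS European Sovereign Cloud, the restrictions on moving data out of your selected AWS Region and on remote access by AWS personnel are stricter than those described above, as set out in the AWS European Sovereign Cloud overview and the AWS European Sovereign Cloud Addendum whitepaper.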