![]() Yes, AWS customers can continue to use AWS services to transfer customer data from Europe to countries outside the EEA who have not received an adequacy decision from the European Commission. Can I continue to use AWS services following the Schrems II ruling?.See FAQ “ Can I continue to use AWS services following the Schrems II judgement?" below for details on AWS’s data transfer resources. The EDPB Recommendations provide data exporters with examples of supplementary measures that could be put in place. The European Data Protection Board (EDPB), a European body composed of representatives of the national data protection authorities, has since provided a non-exhaustive list of supplementary measures in its “Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data” (EDPB Recommendations). ![]() However, in the same ruling, the CJEU confirmed that companies can (subject to implementing supplementary measures, if required) continue to use Standard Contractual Clauses as a valid mechanism for transferring personal data outside of the EEA. In Schrems II, the CJEU ruled that the EU-US Privacy Shield was no longer a valid mechanism to transfer personal data from the EEA to the US. On 16 July 2020, the Court of Justice of the European Union (CJEU) issued a ruling regarding the transfer of personal data of EU individuals outside the EEA (Schrems II). What are the Standard Contractual Clauses (SCCs)?.Please see the AWS Privacy Notice for details on how AWS processes personal data as a controller. email addresses provided during the account registration) for account registration, administration, services access, or contact information for the AWS account to provide assistance through customer support activities – it acts as a data controller. AWS as a data controller – When AWS collects personal data and determines the purposes and means of processing that personal data – for example, when AWS stores account information (e.g.The AWS DPA, which includes Standard Contractual Clauses, is part of the AWS Service Terms and is automatically available for all customers who require this to comply with the GDPR. AWS offers a GDPR-compliant AWS Data Processing Addendum (AWS DPA) that incorporates AWS’s commitments as data processor. ![]() Under these circumstances, the customer may act as a data controller or data processor itself, and AWS acts as a data processor or sub-processor. Customers can use the controls available in AWS services, including security configuration controls, for the handling of personal data. AWS as a data processor – When customers use AWS services to process personal data in the content they upload to the AWS services, AWS acts as a data processor. ![]() Please see our customer update on the EU-US Privacy Shield and our blog posts on the Supplementary Addendum to the AWS Data Processing Addendum and the CISPE Data Protection Code of Conduct for additional information.ĪWS acts as both a data processor and a data controller under the GDPR. We list the AWS services that involve a data transfer of customer data on our Privacy Features webpage.Īs the regulatory and legislative landscape evolves, we will always work to ensure that our customers can continue to enjoy the benefits of AWS services wherever they operate. At AWS, our highest priority is securing customer data, and we implement rigorous technical and organizational measures to protect its confidentiality, integrity, and availability, regardless of which AWS Region the customer has selected. We know that transparency matters to our customers. AWS customers can continue to use AWS services to transfer customer data from the EEA to non-EEA countries that have not received an adequacy decision from the European Commission (including the United States) in compliance with the GDPR.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |