A Collection is a selection of features, articles, comments and opinions on any given theme or topic. It allows you to stay up‑to‑date with what interests you most.
Login here to access your saved articles and followed authors.
We have sent you an email so you can reset your password.
Sorry, we had a problem.
Tags related to this article
Published 1 April 2015
Amazon Web Services (AWS) Data Processing Agreement has been approved by WP29 as sufficient to meet the requirements of Article 236 of 95/46/EC: the provision prohibiting transfers of Personal Data outside the EEA unless an adequate level of protection is in place, implemented in the UK as Principle 8 of the DPA.
In the letter issued to AWS, WP29 states, “The EU Data Protection Authorities have analysed the arrangement proposed by Amazon Web Services” and “have concluded that the revised Data Processing Addendum is in line with Standard Contractual Clause 2010/87/EU and should not be considered as ‘ad-hoc’ clauses.”
This means that AWS customers, entering into the AWS Addendum will satisfy the requirements of the 8th Principle of the DPA in the UK or its equivalent across Europe, without the need for additional authorisation from the local DPA.
The Dutch data protection authority, the CNPD, acting as the lead authority in this WP29 opinion pointed out that its confirmation was not a determination that all of Amazon's contractual arrangements are compliant with all EU data protection requirements.
To view the CNPD's announcement, please click here.
To view the letter to Amazon Web Services, please click here.
Part of our Information Security and Data Protection Newsletter and our Information Security and Data Protection Newsletter for Financial Services.
Rhiannon Webster, Hans Allnutt
Hans Allnutt, Rhiannon Webster