The European Union's data protection authorities have approved Amazon Web Services’ (AWS) data processing agreement (DPA), giving European businesses and governments the all-clear to use Amazon’s datacentres.
Werner Vogels, chief technology officer at Amazon.com, said: “Providing customers with a DPA that has been approved by the EU data protection authorities is another way in which we are giving them assurances that they will receive the highest levels of data protection."
The agreement means organisations will be able to run applications and host data in 11 AWS regions around the globe, including two in the EU – Ireland (Dublin) and Germany (Frankfurt).
Amazon said the approval means AWS’s customers will be able to replicate EU data to other AWS datacentres outside the European Economic Area. As such, organisations can now move data, in accordance with European laws, to any AWS infrastructure region around the world.
The European data authorities' Article 29 working party said: “The EU data protection authorities have analysed the arrangement proposed by Amazon Web Services and have concluded that the revised data processing addendum is in line with standard contractual clause 2010/87/EU and should not be considered as ‘ad-hoc’ clauses.
Read more on AWS
“This means customers can sign the AWS data processing addendum with model clauses without the need for authorisation from data protection authorities, as would be necessary for contract clauses intended to address EU privacy rules that have not been approved, known as 'ad-hoc' clauses.”
Antanas Guoga, Member of the European Parliament, said: “I believe the Article 29 working party's decision to approve the data processing agreement put forward by Amazon Web Services is a step in the right direction. I am pleased to see that AWS puts an emphasis on the protection of European customer data. I hope this decision will also help to drive further innovation in the cloud computing sector across the EU.”
Oil company Shell is among the big users of AWS in Europe.
Read more on Regulatory compliance and standard requirements
Why data exports from the EU will be challenging without Privacy Shield
EU court opinion finds EU-US data transfers lawful but raises questions over Privacy Shield
EC fines Google €1.49bn for abusing ad market dominance
US and UK days away from European Parliament ultimatum to suspend data transfers to the US