What are the institutional and regulatory implications of this document?

1. REGULATORY LANDSCAPE: This notice engages GDPR for processing of EU and EEA resident personal data, requiring lawful basis for processing, data subject rights fulfillment, and adequate safeguards for international transfers. For California residents, the notice engages CCPA, which grants rights to know, delete, and opt out of sale of personal information; enforcement authority rests with the California Attorney General and California Privacy Protection Agency. At the federal level, the FTC A…

How does AWS's AWS Privacy Notice affect users?

The agreement establishes that AWS collects name, address, payment card information, IP address, device identifiers, and browsing activity from users of the AWS website and authorizes use of this data for targeted advertising delivered through third-party partners. Under these terms, personal data may be transferred internationally to countries with different data protection standards, and may be disclosed to law enforcement or government entities upon legal request. You can submit data access,…

How often is AWS's AWS Privacy Notice updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when AWS updates this document?

Yes. Monitor subscribers ($19/month) can add AWS to their watchlist and receive same-day email alerts whenever this document or any other AWS document changes.

CA-D-000649

AWS Privacy Notice

AWS

Last change detected May 18, 2026 Privacy policy

SHA-256: 60c077cc945f7777afb… 2 versions captured 1 change documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at AWS ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

0 High severity

7 Medium severity

1 Low severity

Summary

This is the AWS Privacy Notice governing how Amazon Web Services collects and uses personal information from visitors to the AWS website and users of AWS marketing communications. The notice authorizes collection of identifiers, payment card data, IP addresses, device information, browsing activity, and location data, and permits sharing of this information with advertising, analytics, and shipping partners as well as Amazon.com group companies. California residents and EU/EEA users have additional rights including the right to request deletion of personal data and to opt out of certain data sharing, exercisable by contacting aws-privacy@amazon.com.

Technical / Legal Breakdown

This document is the AWS Privacy Notice, governing the collection, use, storage, and disclosure of personal information by Amazon Web Services, Inc. in connection with its cloud services website and related marketing activities. The notice states that AWS collects name, address, phone number, email address, payment card information, IP address, device identifiers, browsing activity, and geolocation data, and uses this information to operate services, process transactions, communicate with users, and deliver targeted advertising through third-party partners including Adobe, Google, and Marketo. The notice authorizes sharing of personal data with Amazon.com affiliates, third-party service providers, advertising and analytics partners, and government or law enforcement entities upon legal request, and reserves the right to transfer data internationally to countries that may have different data protection standards than the user's country of residence. The notice engages GDPR for EU and EEA residents, CCPA and California privacy law for California residents, and general FTC consumer protection frameworks applicable to US users; applicability of specific rights and obligations depends on the user's jurisdiction. EU and California residents are granted distinct rights including access, deletion, and opt-out mechanisms not universally available to all users, and the document directs these requests to aws-privacy@amazon.com.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

1 important change detected

2 versions captured · Last updated: May 2026

May 18, 2026

low

What changed AWS updated its Privacy Notice on May 18, 2026, making four operational changes. The document added a new section titled 'Advertising' to the table of contents. AWS also updated the Japan office address for Amazon Web Services Japan G.K. from 3-1-1 Kamiosaki, Shinagawa-ku, Tokyo 141-0021 to 1-3-1 Azabudai, Minato-ku, Tokyo 106-0041 in both the data controller section and the data subject access request contact information. These changes affect where individuals in Japan should direct privacy requests and where AWS Japan processes personal information.

Why this matters The updated Privacy Notice now explicitly lists 'Advertising' as a section in the table of contents, indicating AWS will provide information about advertising-related data practices. This disclosure was reorganized rather than newly introduced. The Japan office address for submitting data subject access requests has been updated from 3-1-1 Kamiosaki to 1-3-1 Azabudai. Customers and individuals in Japan should use the new address when submitting privacy requests to Amazon Web Services Japan G.K.

View full change record →

Recent Provision Changes May 18, 2026

7 provisions unchanged.

View full change record →

Medium — 7 provisions

Personal Information Collection Scope Compare →

The notice states that AWS collects directly provided identifiers including name, address, phone number, email address, username, password, and payment information, as well as automatically collected data including IP addresses, browser type, operating system, referring URLs, and website interaction data via cookies and tracking technologies.

Added May 21, 2026 Standard Seen across 284 platforms
Third-Party Advertising and Analytics Data Sharing Compare →

The notice authorizes sharing of user data, including browsing activity and identifiers collected via cookies and web beacons, with named third-party advertising and analytics providers including Adobe, Google, and Marketo for the purpose of delivering targeted advertising.

Added May 21, 2026 Standard Seen across 284 platforms
International Data Transfers Compare →

The notice states that personal information may be transferred to and processed in countries outside the user's country of residence, including countries with data protection standards that differ from those of the user's home jurisdiction.

Added May 10, 2026 Standard Seen across 284 platforms
Law Enforcement and Government Disclosure Compare →

The notice authorizes disclosure of personal information to government authorities, law enforcement, and private parties when required by law or when AWS determines such disclosure is reasonably necessary to enforce its terms or protect its operations and users.

Added May 21, 2026 Standard Seen across 284 platforms
Data Subject Rights for EU and California Residents Compare →

The notice states that EU/EEA residents have GDPR rights including access, correction, deletion, objection, and restriction of processing, and that California residents have CCPA rights including the right to know, delete, and opt out of sale of personal information. Both sets of rights are exercisable by contacting aws-privacy@amazon.com.

Added May 21, 2026 Standard Seen across 284 platforms
Use of Cookies and Tracking Technologies for Targeted Advertising Compare →

The notice states that AWS deploys cookies, web beacons, pixel tags, and other tracking technologies on its websites to collect browsing behavior, preference, and interaction data, which may be used for targeted advertising and advertising effectiveness measurement.

Added May 21, 2026 Standard Seen across 284 platforms
Sharing with Amazon Affiliates and Business Partners Compare →

The notice authorizes sharing of personal information with Amazon.com, Inc. and its subsidiaries, as well as with unspecified business partners offering services in conjunction with or through the AWS website.

Added May 21, 2026 Standard Seen across 284 platforms

Low — 1 provision

Data Retention Compare →

The notice states that personal information is retained for as long as necessary to fulfill the purposes described in the notice, to comply with legal obligations such as tax and accounting requirements, or as otherwise communicated to users. No specific retention periods are specified.

Added May 21, 2026 Standard Seen across 284 platforms

Monitoring

AWS has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Behavioral Advertising and Third-Party Tracking and similar clauses.

Compare across platforms →

Archival ProvenanceSource & Archival Record

Last Captured May 18, 2026 01:06 UTC

Capture Method Automated scheduled archival capture

Document ID CA-D-000649

Version ID CA-V-002707

Source URL https://aws.amazon.com/privacy/

Wayback Machine View external archival references →

SHA-256 60c077cc945f7777afbff7484785ed83d3f9ca9a17aa6a3d0e10db08f1273f8b

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

AWS Privacy Notice

May 18, 2026

Recent Provision Changes May 18, 2026

Monitor governance changes across the platforms you rely on.