This analysis describes what AWS's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This clause clarifies the data protection framework by delineating AWS's role as a processor rather than controller for customer data stored on AWS infrastructure. It specifies that responsibility for data protection compliance and privacy disclosures transfers to the business customer in their capacity as controller.
Business customers using AWS Services to store or process data operate under their own privacy notices rather than AWS's Privacy Notice. This allocation establishes the customer as the party responsible for privacy compliance and disclosure obligations regarding data stored on AWS infrastructure.
How other platforms handle this
When we provide the Service to our customers, we act as a data processor on behalf of those customers. Our customers are the data controllers, meaning that they determine the purposes and means of the processing of personal data that is submitted into the Service. If you are an end user of a custome...
If you are in the 'Designated Countries', LinkedIn Ireland Unlimited Company ('LinkedIn Ireland') will be the controller of your personal data provided to, or collected by or for, or processed in connection with our Services. If you are outside of the Designated Countries, LinkedIn Corporation will ...
This Privacy Policy does not apply where Anthropic acts as a data processor and processes personal data on behalf of commercial customers using Anthropic's Commercial Services – for example, your employer has provisioned you a Claude for Work account, or you're using an app that is powered on the ba...
Monitoring
AWS has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"This Privacy Notice does not apply to personal information we process on behalf of our business customers when they use our Services (for example, when an AWS customer uses Amazon S3 to store their data). In those cases, our business customer is the data controller, and our business customer's privacy notice (not this one) applies to the processing of personal information in their Services.— Excerpt from AWS's AWS Privacy Notice
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liability.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This clause clarifies the data protection framework by delineating AWS's role as a processor rather than controller for customer data stored on AWS infrastructure. It specifies that responsibility for data protection compliance and privacy disclosures transfers to the business customer in their capacity as controller.
Business customers using AWS Services to store or process data operate under their own privacy notices rather than AWS's Privacy Notice. This allocation establishes the customer as the party responsible for privacy compliance and disclosure obligations regarding data stored on AWS infrastructure.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by AWS.