The notice states that EU/EEA residents have GDPR rights including access, correction, deletion, objection, and restriction of processing, and that California residents have CCPA rights including the right to know, delete, and opt out of sale of personal information. Both sets of rights are exercisable by contacting aws-privacy@amazon.com.
This analysis describes what AWS's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the mechanism and contact point for exercising data subject rights for the two largest regulated user populations. The notice's acknowledgment of these rights is a compliance disclosure; the practical effectiveness of these rights depends on AWS's operational response processes, which are not described in detail in the notice.
EU/EEA and California residents may exercise statutory privacy rights including access, deletion, and opt-out rights by contacting aws-privacy@amazon.com. Users in other jurisdictions are not described as having equivalent rights under this notice, though applicable local law may independently grant such rights.
How other platforms handle this
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
Depending on your location, you may have certain rights regarding your personal data, including the right to access, correct, delete, or port your data. EU and UK users may also have the right to object to or restrict certain processing. California residents may have the right to know, delete, corre...
Monitoring
AWS has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If you are located in the European Economic Area, you have certain rights under the General Data Protection Regulation (GDPR) with respect to your personal data, including the right to request access to your personal data, the right to request that we correct or delete your personal data, and the right to object to or restrict our processing of your personal data. California residents have certain rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information.— Excerpt from AWS's AWS Privacy Notice
1. REGULATORY LANDSCAPE: GDPR Articles 15 through 22 establish the data subject rights referenced in this provision, with a general response obligation of one month extendable to three months for complex requests. CCPA as amended by CPRA grants rights to know, delete, correct, and opt out, with a 45-business-day response requirement. The California Privacy Protection Agency and California Attorney General enforce CCPA. EU data protection authorities enforce GDPR rights obligations. 2. GOVERNANCE EXPOSURE: Medium. The notice identifies a single email address for all rights requests without specifying response timelines, identity verification procedures, or escalation paths. Compliance exposure arises if response processes do not meet statutory deadlines or if identity verification procedures are disproportionately burdensome. 3. JURISDICTION FLAGS: GDPR's right of erasure and right to object carry specific conditions and exceptions that must be operationally documented. California's opt-out right specifically addresses sale and sharing for cross-context behavioral advertising. UK GDPR creates parallel obligations for UK residents. Brazil's LGPD and other emerging privacy frameworks may create additional rights obligations not addressed in this notice. 4. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers acting as data controllers who use AWS marketing systems should assess whether this provision interacts with their own data subject request workflows, particularly where employee or end-user data may be collected through AWS-hosted properties. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the aws-privacy@amazon.com intake process includes documented response timelines, identity verification procedures proportionate to the sensitivity of the requested data, and escalation procedures for contested or complex requests. CCPA's right to correct, added by CPRA, should be confirmed as covered by current intake processes.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the mechanism and contact point for exercising data subject rights for the two largest regulated user populations. The notice's acknowledgment of these rights is a compliance disclosure; the practical effectiveness of these rights depends on AWS's operational response processes, which are not described in detail in the notice.
EU/EEA and California residents may exercise statutory privacy rights including access, deletion, and opt-out rights by contacting aws-privacy@amazon.com. Users in other jurisdictions are not described as having equivalent rights under this notice, though applicable local law may independently grant such rights.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by AWS.