The notice states that AWS collects directly provided identifiers including name, address, phone number, email address, username, password, and payment information, as well as automatically collected data including IP addresses, browser type, operating system, referring URLs, and website interaction data via cookies and tracking technologies.
This analysis describes what AWS's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the scope of personal data collection applicable to all AWS website visitors and registered users, including both actively provided information and passively collected technical and behavioral data. The combination of directly provided identifiers with automatically collected browsing and device data creates a data profile that may be used for advertising and analytics purposes as described elsewhere in the notice.
Interpretive note: The exact text of the collection scope clause was not fully available in the provided document excerpt; language above reflects the described categories consistent with the document's disclosed practices.
Under this provision, users of the AWS website are subject to collection of both voluntarily provided personal identifiers and automatically collected behavioral and technical data including IP addresses and browsing activity. This collection occurs upon interaction with the AWS website regardless of whether the user holds an active AWS service account.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
AWS has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect information you provide to us, such as your name, address, phone number, email address, username and password, and payment information. We automatically collect certain types of information when you interact with our websites or services, such as cookies and other tracking technologies to collect information including IP addresses, browser type, operating system, referring URLs, and information about your interactions with our websites.— Excerpt from AWS's AWS Privacy Notice
1. REGULATORY LANDSCAPE: The collection of IP addresses, device identifiers, and browsing activity may constitute processing of personal data under GDPR, requiring a documented lawful basis. Under CCPA, these categories fall within the statutory definition of personal information, triggering notice-at-collection obligations. The FTC Act's prohibition on deceptive practices is relevant to the accuracy of disclosures about what data is collected and how it is used. The collection of payment card information may also interact with PCI DSS security requirements. 2. GOVERNANCE EXPOSURE: Medium. The breadth of automatically collected data, combined with the use of cookies and tracking technologies, creates compliance obligations under GDPR cookie consent requirements and CCPA notice requirements. The simultaneous collection of identifiers and behavioral data enables user profiling, which may require a legitimate interests assessment or explicit consent depending on jurisdiction. 3. JURISDICTION FLAGS: EU and EEA residents have heightened exposure due to GDPR requirements for lawful basis documentation for each category of data collected. California residents have CCPA rights regarding categories of personal information collected. Illinois BIPA is not directly implicated by this provision as described. 4. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers whose employees access the AWS website should assess whether this collection scope intersects with their own employee privacy notices or BYOD policies. The collection of payment information may require vendor assessment from a PCI DSS perspective. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that cookie consent mechanisms on the AWS website meet the standards required for EU users under GDPR, including granular opt-in for non-essential cookies. Data mapping exercises should account for all categories of automatically collected data listed in this provision.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the scope of personal data collection applicable to all AWS website visitors and registered users, including both actively provided information and passively collected technical and behavioral data. The combination of directly provided identifiers with automatically collected browsing and device data creates a data profile that may be used for advertising and analytics purposes as described elsewhere in …
Under this provision, users of the AWS website are subject to collection of both voluntarily provided personal identifiers and automatically collected behavioral and technical data including IP addresses and browsing activity. This collection occurs upon interaction with the AWS website regardless of whether the user holds an active AWS service account.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by AWS.