The cloud computing provider said it is “is taking the necessary steps to certify” below the framework, which has been set up to facilitate the transfer of personal data between the EU and US. Microsoft said it would sign up to the Privacy Shield endure month.

Since 1 August, US businesses possess been capable to self-certify their compliance with a set of privacy principles that construct up piece of the Privacy Shield.

The European Commission has set out its view that businesses that transfer personal data from the EU to the US in line with the Privacy Shield principles and self-certify below the framework will adhere to EU data protection law requirements regarding the transfer of personal data outside the European Economic Area (EEA).

In a blog Amazon said its Amazon Web Services (AWS) customers will retain the ability to choose within which “region” their data is stored. It said that for customers that wish to transfer data between the EEA and other parts of the earth, including the US, it has locate in place data processing contract clauses that possess been approved by EU data protection authorities to aid underpin the data transfers they facilitate on behalf of customers.

endure year the National Commission for Data Protection in Luxembourg (CNPD) said that contract terms used by AWS covering the processing of data via its servers around the earth “construct sufficient contractual commitments to provide a legal framework to its international data flows” to correspond with EU data protection rules. The CNPD was acting on behalf of the Article 29 Working Party, a committee of national data protection authorities from across the EU.

Data protection law expert Kuan Hon of Pinsent Masons, the law firm behind, said it is “understandable” that Amazon, enjoy other businesses, has adopted a “belts and braces approach” to EU-US data transfers and is providing for model contract clauses as a basis for those data transfers in addition to signing up to the Privacy Shield.

delayed endure month the Article 29 Working Party stated that it retains some concern about aspects of the Privacy Shield, including in honor of “mass and indiscriminate collection of personal data” by US authorities as well as on some “commercial aspects” of the framework. It said it “regrets … the lack of specific rules on automated decisions and of a general proper to object” and said it “also remains unclear how the Privacy Shield Principles shall apply to processors”.

Despite its concerns, however, the Working Party indicated that it they will not challenge the legitimacy of data transfer arrangements below the fresh EU-US Privacy Shield atthesametime the first year of its operation.

Instead it said that national data protection authorities (DPAs) within the EU “commit themselves to proactively and independently assist the data subjects with exercising their rights below the Privacy Shield mechanism, in particular when dealing with complaints” atthesametime the first year.

Information law specialist Cerys Wyn Davies of Pinsent Masons recently looked into the practical steps US companies require to grab to self-certify below the Privacy Shield.