Is Amazon Web Services GDPR Compliant?
Amazon Web Services privacy and compliance overview. Last scanned: 1 months ago.
Amazon Web Services scored 45/100 (grade F), indicating significant privacy issues. Key issues found: 1 tracking request detected before consent. Tracking requests detected but no consent banner found. This is an automated technical assessment, not a legal compliance certification.
45/100
Privacy and compliance score
Scanned May 14, 2026 in fetch mode.
Pre-consent tracking
0/231 tracking request detected before consent.
Cookie consent banner
0/12Tracking requests detected but no consent banner found.
CCPA / CPRA disclosures
3/8CCPA/CPRA partial: CCPA/CPRA language in privacy policy. CCPA/CPRA compliance requires more than disclosures. This score reflects observable signals only, not legal compliance.
Security headers
7/101 security header missing: Content-Security-Policy.
DPA and sub-processor list
3/7Sub-processor list found, but no DPA reference detected.
Accessibility (WCAG 2.x AA)
7/15Accessibility scan unavailable in fetch mode.
COPPA signal
5/5No COPPA language detected.
Privacy policy
10/10Privacy policy found, substantial, recently updated, and covers user rights.
AI training stance
5/5AI training opt-out disclosure found in privacy policy.
Hosting region disclosure
5/5Data hosting region disclosed in privacy policy.
Does Amazon Web Services self-report SOC 2, HIPAA, or PCI compliance?
The following is based on Amazon Web Services's public documentation. ComplianceCheckup has not independently audited these claims.
Frequently asked questions about Amazon Web Services compliance
Is Amazon Web Services GDPR compliant?
Amazon Web Services received a privacy grade of F (45/100) in our automated scan. 1 tracking request detected before consent. Tracking requests detected but no consent banner found. For a complete GDPR assessment, consult a qualified privacy professional.
Does Amazon Web Services offer a Data Processing Agreement (DPA)?
Yes. Amazon Web Services provides a DPA linked in the Legal documents section above. Review it carefully and sign before transferring personal data.
Is Amazon Web Services SOC 2 certified?
Amazon Web Services holds a SOC 2 Type II certification.
Does Amazon Web Services have a HIPAA Business Associate Agreement?
Yes. Amazon Web Services publicly offers a HIPAA BAA. Check their legal or trust center page for the current BAA template.
What pre-consent tracking did we find on Amazon Web Services?
1 tracking request detected before consent. Pre-consent tracking means scripts or cookies run before users accept or decline the cookie banner, which may violate GDPR Article 5(1)(a). ComplianceCheckup detected this via an automated headless browser scan.
What are Amazon Web Services's biggest privacy risks?
Based on our automated scan, the top areas of concern are: Pre-consent tracking, Cookie consent banner, CCPA / CPRA disclosures. 1 tracking request detected before consent. These findings are automated and may not capture all risks.
How does Amazon Web Services handle CCPA?
CCPA/CPRA partial: CCPA/CPRA language in privacy policy. CCPA/CPRA compliance requires more than disclosures. This score reflects observable signals only, not legal compliance. CCPA requires businesses handling California residents' data to disclose data practices, honor opt-out requests, and support the Global Privacy Control (GPC) signal. Our scan checks for GPC support and CCPA-relevant cookie disclosures.
Not legal advice. The scan grade is an automated technical assessment and does not constitute legal or compliance advice. Self-reported claims have not been independently verified. Results may contain false positives or miss issues that cannot be detected programmatically. Consult a qualified attorney or compliance professional for your specific situation.