AWS lambda and GDPR

NOTE: This was a break off of the TO DO List Review thread. It seemed to derail the review aspect of that thread, but was still a decent conversation, so it was split off into it’s own thread. - SP Staff

There is many official sources that claims that this is a problem:

International reactions

The European Data Protection Supervisor (EDPS) viewed the CLOUD Act as a law in possible conflict with the GDPR.[19][20][21] The German Commissioner for Data Protection has warned against the use of US based Amazon Web Services for storing sensitive data for the Federal Police.[22]

And the Cloud Act means that a European AWS server is under control by USA and NSA as well.

For the federal police not everyone. Also cloud vendors have data centers in Europe. Infrastructure can be hosted in European data centers instead of us based ones.

There are a lot of companies in Europe using us based cloud company services. So I’m not sure any of that is really relevant.

AWS has information dedicated to this.

https://aws.amazon.com/compliance/eu-us-privacy-shield-faq/

Though perhaps that might be a concern for other cloud vendors that are us based.

Cloudflare is us based as well. Why would cloudflare be allowed and aws not.

In Cloudflare the serverless lambda platform is workers.

Serverless framework has support for cloudflare workers built in.

https://www.serverless.com/framework/docs/providers/cloudflare/guide/intro

I for sure will not store any sensitive data hosted by any company that can be ordered by any foreign authorities to view my or my customers data.

I was not aware of lambda, but I will dive into this as soon as possible, thank you for your tip.

Vendors have full access to data unless encrypted.

Lambda is wonderful especially with golang and serverless.

1 Like