0

Thinking of developing IoT applications that might contain personally identifiable data on MS Azure IoT Hub or AWS. Although these provide guidance as to how to make the data GDPR-compliant, I couldn't find information about their role on the process.

Are they data controllers? Data processors? Obviously, as far as GDPR is concerned, they might have some liability over personal data.

Can you please point to some Ts&Cs/disclaimers which might cover MS/AWS liability?

Thanks

epm-bt
  • 71
  • 4
  • 1
    Controllers and processors are roles, not things. **You** will be the data controller of data collected by your IoT devices; AWS, Azure, etc will be processors, so you should have a data processing agreement in place with them - this is likely incorporated into their standard T&Cs. As a controller, it's up to you to ensure that any agreement is good enough - it's generally you that bears the liability, not them. – Synchro Dec 03 '19 at 19:01
  • "this is likely incorporated into their standard T&Cs"--thanks, that's exactly what I thought, but I can't seem to be able to find the Ts&Cs… Any help?... – epm-bt Dec 04 '19 at 07:40

0 Answers0