Is Amazon Chime GDPR compliant?

We are building a video-calling application with the Amazon Chime SDK. Our application serves customers in the UK and needs to be GDPR compliant.

Amazon Chime's compliance info page does not say anything explicitly about GDPR compliance. AWS itself, however, says that it is, and Chime is a service under AWS.

So we are not sure whether Chime itself is GDPR compliant. If there is any information that can definitively confirm or deny Chime's GDPR compliance, could someone please advise.

I think Amazon Chime is not GDPR compliant. The site does not provide a way to export existing user data. The way to export history is to scroll back through the chat log and copy-paste: https://answers.chime.aws/questions/629/how-can-i-save-all-the-data-from-a-chat-room-or-co.html

After several attempts, we did get a reply from AWS, albeit a vague one.

At the foundation of Amazon Chime security is Amazon Web Services (AWS) Security. AWS regions and networks are built and operated to meet the requirements of some of the world’s most security-sensitive organizations. AWS constantly undergoes third-party audits by a variety of public sector and private sector auditing organizations in order to maintain its status under multiple compliance offerings, such as the credit card industry’s PCI DSS Level 1, the U.S. Government’s FedRAMP program, C5 Certification in Germany, and IRAP assessment by the Australia Government. For more information, see the AWS Security and AWS Compliance websites. Amazon Chime is designed and operated according to the same AWS standards, has undergone the compliance process required to be a HIPAA-eligible service, and is currently in the process of being added to other relevant compliance programs.

The Amazon Chime SDK can be used by customers who incorporate GDPR best practices and compliance using our Shared Responsibility Model.

So they seem to imply that it can be used in a GDPR-compliant way.

Additional information: for the chat feature, AWS recommended that we use the data messaging API route to ensure the data is relayed and retained within the EU.

All chat messages in the Chime app are relayed and stored in us-east-1 (Virginia). The chat messages always leave the UK.

There is a data messaging API in the SDK that can be used to build chat. (https://aws.github.io/amazon-chime-sdk-js/modules/apioverview.html#9-send-and-receive-data-messages-optional) These messages flow through the same region that is used to host the meeting (London, for example) and they are persisted there for a few minutes and until the end of the meeting so that they can be relayed to other participants during that meeting.
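As an added example of the data-messaging route described in the answer above (this is not code from the thread or from the Chime SDK project), the following shows how a chat channel is built on `realtimeSendDataMessage` / `realtimeSubscribeToReceiveDataMessage`, the two calls the linked API overview documents. The topic name `chat` and the 60-second default lifetime are assumptions; the limits enforced in `sendChat` (topic at most 64 characters, payload at most 2 KB, `lifetimeMs` at most 300000) are the ones the SDK documentation states for this API and should be checked against the SDK version you ship. `makeFakeAudioVideo` is a constructed in-memory stand-in for `meetingSession.audioVideo` so the block runs without a live meeting.

```javascript
// Added example: chat over Chime SDK meeting data messages, which travel through the
// meeting's own region and are held only until the meeting ends (see the answer above).
// Not code from the original thread or from the amazon-chime-sdk-js project.

const CHAT_TOPIC = 'chat';          // assumed topic name for the chat channel
const MAX_TOPIC_LEN = 64;           // SDK-documented limit on topic length
const MAX_PAYLOAD_BYTES = 2048;     // SDK-documented limit on data size
const MAX_LIFETIME_MS = 300000;     // SDK-documented maximum lifetimeMs (5 min)
const encoder = new TextEncoder();

// Build the JSON payload and send it on the meeting's data channel.
// `audioVideo` is the SDK facade obtained from meetingSession.audioVideo.
function sendChat(audioVideo, text, lifetimeMs = 60000) {
  if (typeof text !== 'string' || text.length === 0) throw new Error('empty message');
  if (CHAT_TOPIC.length > MAX_TOPIC_LEN) throw new Error('topic exceeds 64 characters');
  if (lifetimeMs > MAX_LIFETIME_MS) throw new Error('lifetimeMs exceeds SDK maximum');
  const payload = JSON.stringify({ text });
  if (encoder.encode(payload).length > MAX_PAYLOAD_BYTES) {
    throw new Error('message exceeds the 2 KB data-message limit; split or truncate it');
  }
  audioVideo.realtimeSendDataMessage(CHAT_TOPIC, payload, lifetimeMs);
  return payload;
}

// Subscribe to incoming chat messages and hand each one to `onMessage` as
// { from, text, timestampMs }. `from` is the attendee ID the service attaches to
// the message, not anything the sender put in the payload, so it is usable for
// attribution; payload contents from other clients are treated as untrusted.
function subscribeChat(audioVideo, onMessage) {
  audioVideo.realtimeSubscribeToReceiveDataMessage(CHAT_TOPIC, (dataMessage) => {
    if (dataMessage.throttled) return; // sender exceeded the rate limit; message was dropped
    let body;
    try {
      body = dataMessage.json();
    } catch (e) {
      return; // ignore malformed payloads
    }
    if (!body || typeof body.text !== 'string') return;
    onMessage({
      from: dataMessage.senderAttendeeId,
      text: body.text,
      timestampMs: dataMessage.timestampMs,
    });
  });
}

// Constructed stand-in for the AudioVideoFacade so the example runs offline. It
// relays every send to the subscribers of that topic, as the real service would,
// and records what was sent so the caller can inspect it.
function makeFakeAudioVideo(attendeeId) {
  const subscribers = {};
  return {
    sent: [],
    realtimeSubscribeToReceiveDataMessage(topic, callback) {
      (subscribers[topic] = subscribers[topic] || []).push(callback);
    },
    realtimeSendDataMessage(topic, data, lifetimeMs) {
      this.sent.push({ topic, data, lifetimeMs });
      const dataMessage = {
        topic,
        senderAttendeeId: attendeeId,
        timestampMs: Date.now(),
        throttled: false,
        text: () => data,
        json: () => JSON.parse(data),
      };
      (subscribers[topic] || []).forEach((cb) => cb(dataMessage));
    },
  };
}

// Stand-alone demo on the constructed facade.
const demoAudioVideo = makeFakeAudioVideo('attendee-1');
subscribeChat(demoAudioVideo, (m) => console.log(`${m.from}: ${m.text}`));
sendChat(demoAudioVideo, 'hello from the meeting region');
```

In a real session replace the fake with `meetingSession.audioVideo`. Note the caveat this route carries: because a data message lives only for its `lifetimeMs` and never past the end of the meeting, there is no server-side chat history to export. If the product needs persistent history, the client must store it itself, and that store (and its region) is then your part of the shared-responsibility model.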

Talk to your AWS technical POC. I'm sure they can help you understand this better. AWS is a huge ecosystem of services. Chime used together with other services can be GDPR compliant.

For example, all Chime events are tracked through AWS EventBridge. It should be easy to attribute and track all the data for a specific user.