Advertising and the EU General Data Protection Regulation

In 2016, the European Commission adopted the new General Data Protection Regulation (GDPR). The GDPR is designed to harmonize laws across Europe that govern the security and protection of personal data, including personal data used in advertising.

Amazon has a longstanding commitment to privacy and data security. We continuously review our advertising systems and processes to ensure they meet our own high standards and the requirements of all applicable data protection laws, including GDPR. Amazon advertising services comply with the requirements of GDPR. Amazon’s advertising systems include the following protections:

  • Privacy. Amazon’s advertising services are designed to protect user privacy when serving interest-based ads. Amazon’s advertising systems do not use personally identifiable information such as name or email to serve interest-based ads.
  • Notice. On, Amazon provides information about interest-based ads, including the type of information used to display those ads.
  • Choice. Users can control their interest-based ad preferences by visiting the Amazon Ad Preferences page at or the European Interactive Digital Advertising Alliance’s YourOnlineChoices site at
  • Security and data management. Amazon advertising services have physical, electronic, and procedural safeguards for the collection, storage, transfer, and processing of data. Transfers of data outside the European Economic Area comply with applicable legal requirements, including standard contractual clauses issued by the European Commission and the EU-US Privacy Shield Framework.
  • Third parties. To deliver interest-based ads, Amazon works with publishers, advertisers, agencies, ad networks, and other service providers that demonstrate their commitment to comply with applicable law.