Akamai will record this transcript. Please read our privacy policy for more information. By proceeding you agree to the recording and the use of your personal data.
Learn more about how Akamai products and services follow privacy laws, regulations, certifications, and frameworks.
Privacy Trust CenterAkamai customers are responsible for complying with applicable compliance laws and regulations. Akamai offers security features and legal agreements to support customers’ compliance. No formal certification is available within these laws and regulations.
Certifications and attestations are assessed by a third-party, independent auditor and result in a certification, audit report, or attestation of compliance.
Compliance alignments and frameworks include published security or compliance requirements for a specific purpose, such as a specific industry or function. Akamai provides functionality such as security features and documents for these types of programs. Requirements under specific alignments and frameworks may not be subject to certification or attestation.
Overview
The California Consumer Privacy Act of 2018 is a California law intended to enhance privacy rights and consumer protection for residents of the U.S. state.
As of January 1, 2020, companies or organizations that do business in California are required to comply with the state’s strict new privacy legislation that establishes a legal and enforceable right of privacy for every California resident. The new regulations are not just for businesses based in California; they apply to all companies that do business in the state, independent of the location of the organization’s incorporation.
Akamai Compliance
With respect to the CCPA, Akamai acts as a service provider for our customers. Customers are ultimately the responsible party with respect to the CCPA obligations associated with their Internet properties that use Akamai services.
All Akamai services comply with the CCPA. This means that not only can customers continue using their existing Akamai services, they can also deploy services such as Akamai Identity Cloud as a key part of their CCPA compliance strategy.
CCPA requires that California consumer personal data processed by an organization is appropriately and sufficiently managed and protected. In an interconnected world, where many web applications and websites collect and use personal data, this can be a big challenge. Akamai’s intelligent edge platform can be leveraged to help customers meet this challenge. It offers strong data management and security capabilities based on a self-service data management tool, a team of qualified security professionals, flexible and high-quality processes, and recognized state-of-the-art technology.
CCPA Resources
Applicable Akamai Services
All Akamai services are applicable.
Overview
The E-Privacy laws are an important legal instrument to ensure the right to privacy in electronic communications and digital marketing. The current Directive 2009/136/EC version has been implemented into local laws by most EU member states.
The E-Privacy Directive targets telecommunication service providers and consists of the following:
The main changes in the current Directive 2009/136/EC compared to the 2002 version has been the introduction of a data breach notification requirement for telecommunication service providers and the consent requirement for cookie usage.
The E-Privacy Directive is currently in review by the EU bodies to become a regulation that will prevail over to the more general GDPR as far as personal data in electronic communication is concerned. The difference to the existing Directive is that the scope of the E-Privacy Regulation is extended to address also over-the-top (OTT) communication service provider.
Akamai Compliance
Akamai has ensured compliance with the various requirements of the Directive 2009/136/EC and its local implementations, such as cookie banners on its websites, opt-out mechanism for the cookies used when providing the services, and the performance of marketing activities in compliance with the E-Privacy requirements.
Applicable Akamai Services
All Akamai Security Solutions, including web and mobile analytics solutions ( mPulse , CloudTest ), are applicable.
Q&A
Does Akamai’s mPulse service comply with E-Privacy laws?
Yes, all Akamai services comply with E-Privacy. For mPulse, please read the white paper “mPulse – Compliance With Global Data Protection Laws ”.
Overview
The General Data Protection Regulation (GDPR), in effect since May 25, 2018, is the current European Union (EU) data protection law that aims to harmonize local data protection laws across Europe. Since its inception, the law has triggered organizations to bolster privacy policies and established data protection best practices across the globe.
The GDPR requires organizations to manage and secure any operation that involves processing EU personal data to protect against unauthorized access. Noncompliance with GDPR can result in fines that materially impact an organization.
The EU General Data Protection Regulation
Akamai Compliance
Akamai services comply with the GDPR. This means that not only can customers continue using Akamai, they can also deploy Akamai services as a key part of their GDPR compliance strategy. GDPR requires that EU personal data processed by an organization is appropriately and sufficiently managed and protected. In an interconnected world, where many web applications and websites collect and use personal data, this can be a big challenge. Akamai’s intelligent edge platform can be leveraged to help customers meet this challenge. It offers a strong data management and security strategy based on a self-service data management tool, a team of expert security professionals, flexible and high-quality processes, and recognized state-of-the-art technology.
Akamai describes the processing activities during its service provisioning in the “Akamai’s Personal Data Processing Activities and Role” document.
In addition, Akamai requests customers agree on a data processing agreement to ensure the customer and Akamai compliance with Art 28 GDPR of the processing of personal data during Akamai’s service provisioning.
Applicable Akamai Services
All Akamai services are applicable.
Q&A
Does Akamai’s mPulse service comply with GDPR?
Yes, all Akamai services comply with GDPR. For mPulse, please read the white paper “mPulse – Compliance With Global Data Protection Laws”.
Overview
The U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) set forth the requirements for the processing of personal identifiable information by healthcare service and insurance providers.
The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) defines access rights to health data and mechanisms for patients to maintain control over their data. It expands the exchange of electronic protected health information as well as the scope of privacy and security protections under HIPAA.
Resources
Akamai Compliance
Neither HIPAA nor HITECH are directly applicable to Akamai as a content delivery and web security service provider. Nevertheless, where Akamai is engaged by its healthcare customers to process healthcare data, it may be considered as a Business Associate, and a Business Associate Agreement might be required between Akamai and the healthcare customer. A copy of Akamai’s standard Business Associate Agreement is available upon request.
To ensure compliance with the HIPAA Security Rule, Akamai pursues an annual assessment. The Executive Summary of such assessment and/or the related letter by the assessors is available to Akamai customers and partners subject to a nondisclosure agreement (NDA).
Resources
Applicable Akamai Services
Akamai’s Web Performance and Security Services when running on Akamai’s Secure CDN with Enhanced TLS service, and Akamai Identity Cloud, all when used to process personal identifiable information by healthcare service and insurance providers.
Q&A
When was Akamai's most recent HIPAA assessment?
Akamai’s most recent assessment for compliance with the HIPAA Security Rule was completed by CFGI. Contact your account team for more information.
Is Akamai HIPAA certified?
No, as such a certification does not exist. HIPAA compliance is an ongoing process. Akamai trains its employees on HIPAA requirements and ensures they are following HIPAA-related policies and procedures.
Does Akamai sign Business Associate Agreements with customers?
To the extent that Akamai transmits personal health information while providing services to its covered entity customers such that it is functioning as a “business associate,” Akamai will enter into the required Business Associate Agreement as part of its normal contracting process. A copy of Akamai’s standard Business Associate Agreement is available upon request.
Is Akamai assessed under the HITRUST CSF framework?
Akamai is not assessed under the HITRUST CSF framework. Akamai undergoes annual audits conducted by accredited independent auditors to ensure ongoing HIPAA and HITECH compliance for those services identified as appropriate for use with protected health information.
Overview
Brazil’s Lei Geral de Proteção de Dados, the Brazilian General Data Protection Law, Federal Law no. 13,709/2018 (“LGPD”) will become effective on August 16, 2020. The LGPD creates a new legal framework for the use of personal data in Brazil, both online and offline, in the private and public sectors. As supervisory authority, the National Data Protection Authority (ANPD) has been created and charged with overseeing and enforcing the LGPD.
Resources
Akamai Compliance
Akamai services comply with the LGPD. This means that not only can customers continue using Akamai services, they can also deploy Akamai services as a key part of their LGPD compliance strategy. The LGPD requires that Brazilian personal data processed by an organization is appropriately and sufficiently managed and protected. In an interconnected world, where many web applications and websites collect and use personal data, this can be a big challenge.
Akamai’s intelligent edge platform can be leveraged to help customers meet this challenge by offering a strong data management and security strategy based on a self-service data management tool, a team of expert security professionals, flexible and high-quality processes, and recognized state-of-the-art technology.
Downloads / Links
Privacy Trust Center
Applicable Akamai Services
All services are applicable.
Q&A
How does the LGPD differ from the GDPR?
The LGPD differs from the GDPR in some areas. For example, under the LGPD, there are ten legal bases to satisfy for processing activity, compared to six legal bases set forth in the GDPR.
Is there a deadline under LGPD to comply with the data breach notification obligation?
LGDP does not set forth a deadline within which a data controller shall notify data breaches. The ANPD is to set up such a deadline.
Overview
The Monetary Authority of Singapore (MAS) regulates financial institutions in the banking, capital markets, insurance, and payments sectors incorporated in Singapore. Neither of its regulations are directly applicable to Akamai as a content delivery and web security service provider. Nevertheless, where Akamai is engaged by its Singapore financial services customers to process financial data, it may be considered to act as an outsourcing service provider who is regulated by the MAS. The MAS Outsourcing Guidelines for local financial institutions on risk management of outsourcing arrangements, cover inter alia:
Resources
Amendments:
Akamai Compliance
Akamai services used by financial service providers incorporated in Singapore are considered outsourced activities under these guidelines. Since Akamai services are compliant with the guidelines, financial services customers incorporated in Singapore can not only continue using Akamai services, but also deploy them as a key part of an outsourcing compliance strategy.
Applicable Akamai Services
Overview
The revised Payment Services Directive (PSD2) by the EU and Open Banking, the UK implementation of PSD2, require financial institutions to open their payment infrastructure, granting third-party provider (TPP) access to their customers’ bank account data. Regulatory bodies are driving this initiative to facilitate innovation, competition, and efficiency in financial services by enabling TPPs to provide payment and account information services to consumers.
Resources
Akamai Compliance
Akamai solutions help financial institutions comply with PSD2 by enhancing customer experiences, application stability, and security controls. The Akamai Intelligent Edge Platform serves as a conduit for communication between TPPs and the financial institution. Akamai security services protect the institution’s APIs from unauthorized access and ensure only authenticated access requests are processed. Akamai helps with PSD2 compliance by:
Downloads / Links
Applicable Akamai Services
Identity Cloud, Secure Content Delivery, Kona Site Defender, Ion, DSA, and API Gateway.
Q&A
Is Open Banking the same as PSD2?
Open Banking is the PSD2 implementation in UK. It is based on a ruling — issued in August 2016 by the United Kingdom Competition and Markets Authority (CMA) — that required the nine biggest UK banks to allow licensed startups direct access to their data down to the level of transaction account transactions. See also Wikipedia.
Why is the PSD2 implementation always a customized solution?
PSD2 will always be a custom implementation because of the unique needs of each certificate authority Trust Provider (TP), specific legislation for EU countries, and internal compliance requirements according to individual company policies.
Overview
Akamai since June 2017 fulfills the requirements for critical infrastructure service providers for its content delivery network services in Germany implemented by the German BSI (Federal Office for Information Security). In accordance with the underlying legislation, the BSI Act, Akamai performs a third-party audit every two years to prove that its technical and organizational measures appropriately protect its system and ensure the availability, integrity, authenticity, and confidentiality of its services.
Resources
Akamai Assessment
In Q1 2019, Akamai Germany completed the audit, which was accepted by the BSI. The basis for the audit is Akamai’s 2018 SOC 2 Type 2 report and the ISO 27002 assessment, as well as three on-site audits in data centers across Germany.
Downloads / Links
Applicable Akamai Services
Q&A
How long have Akamai CDN services been critical infrastructure services in Germany?
Since June 2017.
What about Akamai’s Security Services?
Security services are not considered a critical infrastructure service according to the BSI Act. Akamai is a recommended provider of distributed denial-of-service (DDoS) protection services to other critical infrastructure services providers. See also Qualified DDoS Mitigation Service Providers (German).
Overview
The Cloud Security Alliance Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.
The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.
Resources
Akamai Certification
Identity Cloud obtained the Cloud Security Alliance (CSA) Level 2, Type 2 Attestation (third-party audit).
Applicable Akamai Services
Dates / Term / Auditor
A-LIGN Assurance performs Akamai’s CSA Level 2, Type 2 Attestation.
Akamai’s latest assessment covers the period from May 1, 2018, through April 30, 2019, and is valid until May 1, 2020.
Q&A
How do I obtain a copy of Akamai’s CSA Level 2, Type 2 Attestation?
Your Akamai account team can provide a copy of this report.
Overview
A U.S. government compliance program, Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
FedRAMP created and manages a core set of processes to ensure effective and repeatable cloud security for the U.S. government. It established a mature marketplace to increase utilization and familiarity with cloud services.
Resources
Akamai Certification
The Akamai Intelligent Edge Platform has a FedRAMP Joint Authorization Board (JAB) Provisional Authorization to Operate (P-ATO) for a moderate baseline, as an infrastructure as a service (IaaS) provider.
Downloads / Links
Applicable Akamai Services
Dates / Term / Auditor
Akamai’s third-party assessor for FedRAMP is Coalfire Systems, Inc.
Akamai has been FedRAMP authorized since August 23, 2013, and undergoes annual assessments and continuous monitoring to remain compliant.
Q&A
How do I access Akamai’s FedRAMP documentation?
Customers can get the “Package Access Request Form” from the FedRAMP marketplace website.
What is Akamai’s FedRAMP Impact Level?
Akamai’s FedRAMP authorization is at the Moderate Impact level. According to FedRAMP, a Moderate Impact system comprises “nearly 80% of CSP applications that receive FedRAMP authorization and is most appropriate for CSOs where the loss of confidentiality, integrity, and availability would result in serious adverse effects on an agency’s operations, assets, or individuals. Serious adverse effects could include significant operational damage to agency assets, financial loss, or individual harm that is not loss of life or physical.”
At this time, Akamai has not sought FedRAMP authorization for the High Impact level.
Overview
The Information Security Registered Assessors Program (IRAP) is an Australian Signals Directorate (ASD) initiative to provide high-quality information and communications technology (ICT) security assessment services to the government. The Australian Cyber Security Centre (ACSC) within the ASD produces the Australian Government Information Security Manual (ISM). The purpose of the ISM is to outline a cybersecurity framework that organizations can apply to protect their information and systems from online threats.
The ISM consists of more than 600 security controls that define security requirements in more than 80 areas, such as:
Resources
Akamai Compliance
Akamai is assessed annually by an independent auditor for compliance with the IRAP Security Controls defined in the ISM. Akamai’s first IRAP assessment was conducted in early 2019. The assessment covered both Akamai’s production and corporate network environments, and the resulting compliance assessment report was completed by NJOY Security on April 8, 2019. The Executive Summary of Akamai’s IRAP Security Assessment and related letter from the IRAP Official Assessor is available subject to nondisclosure agreement (NDA).
Please contact your Akamai account team for more information.
Applicable Akamai Services
Dates / Term / Auditor
Akamai’s latest assessment was completed by NJOY on April 8, 2019
Overview
ISO/IEC 27001 formally specifies an Information Security Management System (ISMS), a suite of activities concerning the management of information risks. The ISMS is an overarching management framework through which the organization identifies, analyzes, and addresses its information risks. The ISMS ensures that the security arrangements are fine-tuned to keep pace with changes to the security threats, vulnerabilities, and business impacts — an important aspect in such a dynamic field.
Resources
This standard provides guidance aimed at ensuring that cloud service providers offer suitable information security controls to protect the privacy of their customers’ clients by securing the personally identifiable information (PII) entrusted to them.
The standard serves as a reference for selecting PII protection controls when implementing a cloud computing information security management system based on ISO/IEC 27001. It also provides guidance on implementing PII protection controls.
Resources
Akamai Certification
Identity Cloud obtained its latest ISO 27001 and 27018 certification on April 22, 2019.
Applicable Akamai Services
Dates / Term / Auditor
A-LIGN Assurance performs Akamai’s CSA Level 2, Type 2 Attestation.
Akamai’s latest assessment covers the period from May 1, 2018, through April 30, 2019, and is valid until May 1, 2020.
Q&A
Which regions are covered by Akamai’s ISO 27001/27018 compliance?
The ISO 27001/27018 certification of the Akamai Identity Cloud service covers all global regions except for the Russian Federation.
How do I obtain a copy of Akamai’s ISO 27001 and 27018 certifications?
Your account team can provide these certifications to you.
Overview
Payment Card Industry Data Security Standard (PCI DSS) compliance is required for any business that stores, processes, or transmits payment card data. Developed by the major credit card companies, the PCI DSS defines measures for ensuring data protection and consistent security processes and procedures around online financial transactions. Businesses that fail to maintain PCI DSS compliance are subject to steep fines and penalties.
As formulated by the PCI Security Standards Council, the mandate of PCI DSS compliance includes:
For large merchants and service providers that process high volumes of online financial transactions, PCI DSS compliance is enforced by annual validations performed by an independent Qualified Security Assessor (QSA).
Resources
Akamai Certification
Akamai’s Attestation of Compliance (AoC) serves as evidence for our customers that our in-scope services are compliant with the PCI DSS v. 3.2.1 security standard.
In connection with our PCI DSS compliance, Akamai performs a quarterly third-party external penetration test of the secure CDN. Results of these quarterly penetration tests, and compliance documentation and/or certification, are available for customers under nondisclosure agreement (NDA).
Downloads / Links
Applicable Akamai Services
Q&A
Is Akamai PCI DSS Certified?
Yes, Akamai is certified as a PCI DSS 3.2.1 Level 1 Service Provider, the highest level of assessment available. The compliance assessment was conducted by Specialized Security Services, Inc., an independent Qualified Security Assessor (QSA). The PCI DSS Attestation of Compliance and Responsibility Matrix are publicly available.
If my website is using Akamai, how can I be sure that it is PCI DSS compliant?
Customers are responsible for their own PCI DSS certification and should engage a Qualified Security Assessor (QSA) to validate their controls and obtain certification. Customers and their QSAs may rely on Akamai’s Attestation of Compliance for the portion of their cardholder data environment to use Akamai’s PCI DSS compliant services. Akamai’s PCI DSS Responsibility Matrix spells out the responsibilities of Akamai and our customers with respect to each of the PCI DSS requirements. Your account team may provide you with our PCI DSS Customer Configuration Guide, which provides more details as well.
Is Akamai listed on the Visa Global Registry of Service Providers and the MasterCard Compliant Service Provider List?
Yes. Akamai is listed on the lists provided by both Visa and MasterCard. This shows that Akamai has met all applicable program requirements of these major payment card companies.
Can I review an executive summary of Akamai’s quarterly Approved Scanning Vendor (ASV) vulnerability scans and external penetration tests?
Yes. Your account team may provide this information subject to standard non-disclosure agreement (NDA).
Overview
SOC (Service Organization Controls) is a security standard established by the American Institute of Certified Public Accountants (AICPA) that reports on controls that directly relate to the security, availability, processing integrity, confidentiality, and privacy at a service organization.
Resources
Akamai Certification
Akamai receives annual SOC 2 Type 2 reports, which demonstrate that our security controls are continuously audited over the course of the year.
Applicable Akamai Services
For the following services the Security and Availability Trust Service Principles are covered:
For the following service all Trust Service Principles are covered:
Dates / Term / Auditor
Akamai’s SOC 2 report covering the Security and Availability trust service principles is generated by Ernst & Young LLP and covers the period from January through September of each year.
The SOC 2 report for Akamai Identity Cloud, which covers all five trust service principles, is generated by A-LIGN and covers the period from May 1 through April 30 of each year.
Q&A
Who performs the independent audit of Akamai for its SOC 2 reports?
Ernst & Young LLP performs independent audits of Akamai’s core content delivery network solutions, which covers the Security and Availability trust service principles.
A-LIGN Assurance performs Akamai’s independent audit of the Akamai Identity Cloud, which covers all five trust service principles.
How do I get a copy of the SOC 2 report?
Your Akamai account team can provide you with a copy.
What regions are covered?
Akamai’s SOC 2 reports cover Akamai’s services as a whole, and are not limited to particular regions.
What period is covered by Akamai’s SOC 2 report?
Akamai’s SOC 2 report by Ernst & Young LLP covers the period from January 1 through September 30 of each year. Akamai’s SOC 2 report by A-LIGN Assurance covers the period from May 1 through April 30 of each year.
Do you have a bridge letter covering the period since the last covered period?
Your account team can provide you with a bridge letter covering the period from October 1 through December 31 of the previous year, with respect to the SOC 2 report by Ernst & Young LLP. Since the SOC 2 report by A-LIGN Assurance covers the full year, there is no need for a bridge letter in connection with this report.
How often are the Akamai SOC 2 reports issued, and when can I expect a new one?
Akamai’s SOC 2 report by Ernst & Young LLP is typically released in the fourth calendar quarter of each year.
Does Akamai have a certificate of SOC 2 compliance?
There is no certificate of compliance. Instead, qualified third-party assessors produce a report on compliance for the assessed organization, discussing its system description, scope, control descriptions for meeting common criteria, evidence, and suitability of the organization’s descriptions and evidence.
Why are there two different SOC 2 reports for Akamai?
Since the Akamai Identity Cloud service was part of Akamai’s acquisition of Janrain, Inc., in 2019, there are two different SOC 2 Type 2 reports — Ernst & Young LLP prepares the report covering our core CDN and security services and A-LIGN Assurance prepares our report for Akamai Identity Cloud.
Does Akamai have a SOC 1 report?
Akamai does not undergo a SOC 1 audit (focused on financial controls). Because Akamai is a U.S. publicly traded company, we are bound by Sarbanes-Oxley and other regulations to make our financial well-being publicly available. Customers and prospects may access our annual financial statements and 10-K forms on our Investor Relations website.
Overview
The Cloud Security Alliance Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.
The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.
Resources
Akamai Assessment
As of July 2019, Akamai submitted a report documenting compliance with the Cloud Controls Matrix (CCM) as part of the CSA STAR Self-Assessment, an offering that documents the security controls provided by various cloud computing offerings, helping users assess the security of cloud providers.
The report is publicly available in the STAR registry. Akamai is committed to promoting transparency in the cloud services industry and providing customers with visibility into security practices.
Downloads / Links
Applicable Akamai Services
Q&A
When was Akamai's CSA STAR Self-Assessment?
Akamai’s latest CSA STAR Level 1 Self-Assessment is dated July 2, 2019.
Overview
ISO/IEC 27002:2013 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), referred to as information technology — security techniques — code of practice for information security controls.
ISO/IEC 27002:2013 gives guidelines for organizational information security standards and information security management practices including the selection, implementation, and management of controls taking into consideration the organization’s information security risk environment(s).
It is designed to be used by organizations that intend to:
Resources
Akamai Assessment
Akamai is assessed annually for compliance with ISO 27002, which defines controls around a company’s information security program. Our most recent ISO 27002 assessment was completed by CFGI in late 2018, and the report is dated February 28, 2019. An executive summary of that report is available to customers and partners subject to nondisclosure agreements (NDAs) with Akamai. Contact your account team for more information.
Applicable Akamai Services
Akamai’s ISO 27002 assessment applies to all Akamai offerings and our overall Information Security Program.
Q&A
When was Akamai’s ISO 27002 assessment?
CFGI completed Akamai’s latest ISO 27002 gap assessment February 28, 2019.
Can I obtain a copy of the assessment?
Your account team can provide you with an executive summary of our latest ISO 27002 assessment.
Overview
The National Institute of Standards and Technology (NIST) 800-53 security controls are generally applicable to U.S. Federal Information Systems. To ensure sufficient protection of confidentiality, integrity, and availability of information and information systems, Federal Information Systems typically go through a formal assessment and authorization process.
The NIST Cybersecurity Framework (CSF) is supported by governments and industries worldwide as a recommended baseline for use by any organization, regardless of sector or size. Agencies are now required to implement the CSF under the Cybersecurity Executive Order.
Resources
Akamai Assessment
The Akamai Intelligent Edge Platform has been validated by third-party testing performed against the NIST 800-53 controls as well as additional FedRAMP requirements. Akamai’s NIST authorization is at the Moderate Impact level.
See Akamai’s FedRAMP compliance page for more information about FedRAMP compliance, which includes the relevant NIST controls.
Downloads / Links
Overview
Facilitating the transfer of personal data between the European Union (EU) and the United States (U.S.), the EU–U.S. Privacy Shield is a framework that regulates transatlantic exchanges of personal data for commercial purposes. Its purpose is to ensure the personal data of EU citizens processed in the U.S. is protected at the same level as such data is protected when processed in the EU.
Resources
Akamai Assessment
Akamai’s processing activities are certified under the EU-U.S. Privacy Shield program and under the Swiss-U.S. Privacy Shield program.
Downloads / Links
Applicable Akamai Services
All processing activities relating to Akamai services are in scope of the Privacy Shield certification. Akamai’s internal HR processing activities are not covered.
In case customer HR data is part of the customer’s web properties and processed by Akamai in course of the provisioning of Akamai services, the processing of the customer HR data is covered by Akamai’s Privacy Shield certification. Such processing activities relate to the Akamai services and are not considered as Akamai internal HR processing activities.
Q&A
What’s the term of Akamai’s certification?
The certification cycle is one year. The current term is outlined in Akamai’s Privacy Shield certification.
