The contents of this document do not constitute legal advice and are not meant as a substitute for legal advice.
Please consult your company’s legal department for advice concerning Data Protection and Data Privacy regulations.
For more information about Adobe’s response to privacy issues, and what this means for you as an Adobe customer, see Adobe’s Privacy Center.
Adobe is providing documentation and procedures (with APIs when available), for the customer privacy administrator or AEM administrator to handle data protection and data privacy requests and help our customers be compliant with these regulations. The procedures documented will allow customers to execute the regulatory requests manually or by calling into APIs, where available, from an external portal or service.
The details documented here are restricted to Adobe Experience Manager as a Cloud Service.
Data from another Adobe On-demand Service, together with any related privacy requests, will require actions to be taken on that service.
For further information see Adobe’s Privacy Center.
Instances of Adobe Experience Manager as a Cloud Service, and the applications that run on them, are owned and operated by our customers.
As a consequence, data protection regulations, such as GDPR, CCPA, and others, are largely the responsibility of the customers.
As a very brief introduction, the regulations for data privacy and protection include new rules to be followed by the roles of:
Business Entities (CCPA) and/or Data Controllers (GDPR)
Service Providers (CCPA) and/or Data Processors (GDPR)
The main provisions in such regulations are:
Expanded definition of personal data to include all unique IDs; as in directly and indirectly identifiable data.
Strengthened consent requirements.
Increased focus on deletion rights (Data Erasure).
Opt-Out of Sale of Data.
For Adobe Experience Manager as a Cloud Service:
The instances, and applications that run on them, are owned and operated by the customer.
This effectively means that the customer manages the regulatory roles, including Business Entities and Service Provider, Data Controller, and Data Processor, amongst others.
The Adobe Experience Platform Privacy Service will not be part of the workflow for AEM, as illustrated in the diagram below.
AEM includes documentation and procedures for the customer’s privacy administrator and/or AEM administrator to execute the privacy regulation requests; either manually or through APIs, when available.
No new service or UI has been added.
AEM will not include any out-of-the-box tooling to support the privacy requests workflow.
Adobe is providing procedures for handling privacy requests related to Access, Delete and Opt-Out for Adobe Experience Manager as a Cloud Service. In some cases, there are APIs available that can be called from a customer developed portal or scripts to help with automation.
The following diagram illustrates what a privacy request workflow might look like (illustrated using Adobe Experience Manager 6.5):
Please see the sections below for regulatory documentation for product areas of AEM as a Cloud Service.
These Adobe Experience Manager as a Cloud Service integrations are with data protection and privacy (e.g. GDPR) ready services. No personal data from Adobe Target or Adobe Analytics is stored in AEM in relation to the integrations.
For further information see: