Changes to the Amazon Selling Partner Acceptable Use and Data Protection Policies


#1

What is changing?

We are making clarifications and updates to the Amazon Acceptable Use and Data Protection policies governing the appropriate use of the Selling Partner API and Amazon Marketplace Web Service (Amazon MWS). These updates will go into effect on January 1, 2021. We have published the redlined versions of these policies at the links below for your convenience.

Acceptable Use Policy (effective January 1, 2021)

Data Protection Policy (effective January 1, 2021)

Key Updates

Acceptable Use Policy

  • We modified policy language due to the launch of the new Selling Partner API.

  • We split the Data access and usage section into two separate sections, and created a new section: Use data for acceptable purposes.

  • We updated our abuse reporting email alias to spapi-abuse@amazon.com.

  • Account access: We added requirements regarding requests for data obtained through Seller Central and Vendor Central.

  • Data access: We added requirements regarding the disclosure of organizational changes that impact data access needs.

  • Data usage: We added additional acceptable and unacceptable data uses and practices.

  • Data sharing: We modified our data sharing clause and established data sharing requirements.

  • API-specific policies: We added a section to include policies applicable to Selling Partners who use specific APIs.

Data Protection Policy

  • We modified policy language due to the launch of the new Selling Partner API.

  • We clarified requirements in the Network Protection, Incident Response Plan, Data Governance, Data Retention, and Logging and Monitoring sections.

  • We moved the Asset Management section from the Data Governance section to its own section.

  • Least Privileged Principle: We moved the Least Privilege Principle section from the Personally Identifiable Information section to the General Security Requirements section.

  • Password Management: We added requirements around password length and complexity.

  • Secure Coding: We added requirements around secure coding including prohibiting the use of passwords and sensitive data keys in code, and protecting public code repositories.

  • Vulnerability Management: We added requirements around vulnerability scanning and remediation.

Which marketplaces are affected?

This change applies to all marketplaces.

Who is affected?

All developers who use the Selling Partner API and Amazon MWS are affected.

What action is required?

Update your applications by January 1, 2021 if the changes to the Acceptable Use Policy or Data Protection Policy impact your applications.

As always, our goal is to help Amazon Selling Partners and Developers to succeed with Amazon and grow your businesses around the world. Thank you for being an Amazon Selling Partner API Developer.


closed #2

pinned #3