Data Protection Policy

[elcolumbio]

I have some thoughts about the data protection policy and the direct touchpoint with our python sdk.

The Data Protection Policy ("DPP") governs the treatment (e.g., receipt, storage, usage, transfer, and disposition) of the data vended and retrieved through the Marketplace APIs (including the Marketplace Web Service APIs)
https://docs.developer.amazonservices.com/en_US/dev_guide/DG_DataProtectionPolicy.html

That is a huge responsibility all developers face. Our responsibility could be somewhere from creating awareness upto nudge developer into best behaviour.

Just one example for the use of customer information. It can only be used for tax and shipping purposes, not for advertising.

Citing points from the link above which are close to the functionality we provide:
General Security Requirements
3. Encryption in Transit -> we use HTTPS
Additional Security Requirements Specific to Personally Identifiable Information

1. Data Retention and Recovery -> see in my action plan
2. Logging and Monitoring. -> especially for logging the access to the mws api (probably not possible without knowing the type of your role based user system)

Actions we could take right now:

• put the link of acceptable use and data protection policy in our readme and docs and apis which are mainly for personal data.