Amazon DSAR Guide: How to Request and Delete Your Personal Data
This guide walks you through filing a Data Subject Access Request with Amazon under GDPR, CCPA, and other applicable privacy regulations. You will find a ready-to-send email template, step-by-step portal instructions, response timeline expectations, and escalation procedures if Amazon fails to comply within the statutory deadline.
A DSAR is your legal right under modern privacy laws. It costs nothing to file and forces Amazon to reveal every piece of personal data they hold about you. This transparency is the foundation for informed decisions about your digital privacy, whether you choose to request deletion, limit processing, or pursue regulatory complaints.
Unlock Full Privacy Intelligence
Get deep-dive reports on every company that touches your data. SeekerPro members see breach timelines, DSAR success rates, and risk scores before anyone else.
Get Started FreeReady-to-Send DSAR Email Template
Copy this email template and send it to privacy@amazon.com. Replace the bracketed placeholders with your actual information. This template covers GDPR Article 15 access rights and CCPA Section 1798.100 simultaneously, ensuring your request is valid regardless of jurisdiction.
To: privacy@amazon.com
Subject: Data Subject Access Request - [YOUR FULL NAME]
Dear Amazon Data Protection Team,
I am exercising my right of access under Article 15 of the General Data Protection Regulation (GDPR) and Section 1798.100 of the California Consumer Privacy Act (CCPA). I request a complete copy of all personal data Amazon holds about me, including but not limited to:
- Account and profile information
- Usage and activity data
- Device identifiers and IP addresses
- Communication and support records
- Data shared with third parties (including names of recipients)
- Inferred or derived data and profiling information
- Retention periods for each data category
- Legal basis for each processing activity
Please provide this data in a structured, commonly used, machine-readable format (JSON or CSV preferred) as required by GDPR Article 20.
My account details: [YOUR EMAIL] / [YOUR USERNAME OR ACCOUNT ID]
I expect a response within 30 days as required by GDPR Article 12(3). Failure to respond within this period will result in a complaint to the relevant supervisory authority.
Regards,
[YOUR FULL NAME]
[YOUR EMAIL]
[YOUR ADDRESS - required for identity verification]
Step-by-Step: Amazon Privacy Portal
Amazon also provides an online portal for data requests. While the email method above creates a stronger paper trail for escalation purposes, the portal method is faster for standard access requests. Use the portal for initial access and the email method for deletion or complex requests that may require follow-up.
Portal URL: https://www.amazon.com/hz/privacy-central/data-requests
Visit Amazon Privacy Central
Click Request My Data
Select data categories
Verify identity through email
Wait for data compilation email
Download from provided link within 30 days
Unlock Full Privacy Intelligence
Get deep-dive reports on every company that touches your data. SeekerPro members see breach timelines, DSAR success rate...
Learn MoreAudit Your Site Free
Run a full privacy and compliance audit on any website in 60 seconds. NexusBro scans cookie consent, tracker behavior, a...
Learn MoreAutomate Privacy Compliance
Stop wasting hours on manual DSAR filings and cookie consent management. BliniBot handles the busywork so your team can ...
Learn MoreResponse Timeline and Escalation
Expected Response Time
30 days
Mark your calendar from the date you submit your request. If Amazon requests an extension, they must notify you within the initial period and provide a justification. Extensions beyond the statutory maximum are not permitted.
Escalation Path
If Amazon fails to respond:
File with Luxembourg CNPD (EU) or your state AG
Keep copies of all correspondence including your original request, any confirmation receipts, and follow-up communications. This documentation is essential for regulatory complaints and serves as evidence of non-compliance.
After You Receive Your Data
Review the response carefully. Compare the data provided against what you expected based on your usage of Amazon services. Common omissions include inferred data (profiling, risk scores, internal classifications), data shared with third parties, and retention period information. If the response is incomplete, send a follow-up requesting the missing categories specifically and reference your original request date.
Once you understand what data Amazon holds, you can make informed decisions: request deletion of unnecessary data, restrict processing to essential purposes only, withdraw consent for optional processing activities, or file regulatory complaints if you identify violations.
Consider using your DSAR response as a baseline for ongoing privacy monitoring. Filing periodic DSARs (quarterly or annually) helps you track how Amazon data practices evolve and ensures they comply with any deletion or restriction requests you have made.
Frequently Asked Questions
How long does Amazon take to respond to a DSAR?
Amazon must respond within 30 days. Under GDPR, the maximum response time is 30 days with a possible 60-day extension for complex requests. Under CCPA, the deadline is 45 days with a possible 45-day extension. If Amazon fails to respond within the statutory period, escalate to the relevant data protection authority using the path described above.
Can I request Amazon to delete all my data?
Yes. Under GDPR Article 17 (right to erasure) and CCPA Section 1798.105 (right to deletion), you can request Amazon to delete your personal data. Some data may be exempt from deletion due to legal obligations, fraud prevention, or contractual requirements, but Amazon must specify which data is retained and the legal basis for each retention.
What data does Amazon hold about me?
Amazon typically holds account information, usage data, device identifiers, IP addresses, payment information, communication logs, and behavioral analytics. The exact scope varies based on which services you use and your privacy settings. Filing a DSAR is the only way to get a complete picture of what Amazon holds about you specifically.
What if Amazon ignores my DSAR?
If Amazon fails to respond within the statutory deadline, escalate: File with Luxembourg CNPD (EU) or your state AG. Document your original request date, all follow-up communications, and any responses received. This documentation is critical for regulatory complaints and demonstrates a pattern of non-compliance that regulators take seriously.
Weekly Privacy Intelligence
Scandal alerts, breach notifications, DSAR deadlines, and protection guides. Join 2,400+ privacy-conscious professionals.
No spam. Weekly only. Unsubscribe anytime.
Protect Your Data Across Every Platform
Tools trusted by thousands of privacy-conscious users worldwide
No card charged today. Cancel anytime.