by chasb 3910 days ago
Attempt at layman's terms:

The EU requires that data processors (like AWS) comply with certain privacy practices in order to transfer data between the EU and non-EU countries.

Much like HIPAA, the mechanism the EU uses is the requirement of a private contract. Here, it's called a Data Processing Addendum. In HIPAA, it's called a Business Associate Agreement.

Source: CEO of a private HIPAA PaaS on AWS, running EU customers w/ this Data Processing Agreement in place


Perhaps with your level of familiarity with HIPAA, this is layman's terms, but for people who might not even know what HIPAA is about, this is far out from layman's terms.

The first sentence kinda made sense, but the second one just made it far less clear in my opinion. Why should a layman care what it's called (or what the equivalent name might be in another form of regulation)? They're trying to understand what it's about. No?

For the record, I do know what HIPAA is (broadly), but unfortunately still don't think this explanation makes it easier for me to understand. If I was being cynical, I would say that the entire reason you posted the comment was to self-promote your HIPAA PaaS on AWS. I didn't downvote it to give you the benefit of the doubt.

> If I was being cynical, I would say that the entire reason you posted the comment was to self-promote your HIPAA PaaS on AWS.

Haha that seems harsh. He didn't name the service after all.

> Haha that seems harsh. He didn't name the service after all.

It's only a click away to find out, and I'm not against self-promotion and plugging your service when it makes sense (although I find it better when it's acknowledged as such).

As I also said, I do want to give the benefit of the doubt, but I felt that the comment can easily be interpreted as empty self-promotion without much substance.