AWS Clean Rooms EU Alternative 2026: Joint Controller Art.26 Obligations, CLOUD Act Collaborative Intelligence, and the Privacy-Preserving Paradox

Post #797 in the sota.io EU Compliance Series

AWS Clean Rooms is the managed service that allows multiple organizations to analyze combined datasets without any party sharing their raw data with the others. The core use case is compelling: two retailers want to measure the overlap in their customer bases to evaluate a co-marketing campaign without either company disclosing their customer list to the other. A pharmaceutical company and a health insurer want to analyze patient outcomes across their combined datasets without the insurer sharing claims data with the pharma company or vice versa. A publisher and an advertiser want to measure campaign attribution across their combined audiences without the publisher exposing subscriber records to the advertiser.

Clean Rooms uses a cryptographic access control model: each participant contributes their data to the collaboration, defines analysis rules (called "configured tables" and "analysis rules") that specify what queries other participants can run, and receives only the query results — not the underlying raw data. AWS positions this as "privacy-preserving analytics" and frames Clean Rooms as the architecture that enables data collaboration while protecting participant data.

It is not in the AWS European Sovereign Cloud service catalog.

That absence matters — but the GDPR compliance challenges with AWS Clean Rooms run deeper than the ESC catalog gap. The structural design of a Clean Rooms collaboration — multiple organizations contributing personal data to a shared analytical environment operated by a US cloud provider — creates a set of GDPR obligations that the "privacy-preserving" framing obscures. This guide examines those obligations and the EU-sovereign alternatives that provide data clean room capabilities without the US-jurisdiction exposure.

What AWS Clean Rooms Does

AWS Clean Rooms provides a managed environment for multi-party data collaboration with cryptographic access controls.

Core components:

• Collaborations: A named grouping of two or more AWS accounts participating in joint analysis. The collaboration creator invites other accounts, defines which tables will be available, and establishes the governance rules. Each collaboration has a designated "query runner" who submits analysis queries.
• Configured Tables: Each participant's data contribution. A configured table maps to an AWS Glue Data Catalog table (backed by S3, Redshift, or other supported sources) and defines the analysis rules that govern what queries other participants can run against it. Analysis rules can require aggregation minimums (preventing queries that would reveal individual-level data), restrict allowable columns, and limit join operations.
• Analysis Rules: The access control layer within Clean Rooms. Aggregation rules require queries to aggregate data above a minimum count threshold (typically preventing identification of individual-level data). List analysis rules allow queries that return lists of matched identifiers. Custom analysis rules use AWS Clean Rooms ML to allow specific ML-based analyses.
• Memberships: Each participant joins a collaboration as a member. Members define their data contribution, accept the collaboration governance terms, and configure their own query execution environment.
• Query Results: The only output that crosses organizational boundaries. A query runner submits SQL against the combined dataset. AWS Clean Rooms executes the query under the analysis rules, applies any aggregation thresholds, and returns the result. The query runner sees the result but cannot access the other participants' raw data.
• Clean Rooms ML: An extension that allows collaborative ML model training and inference on combined datasets. Participants can train a Look-alike model (for finding similar audiences) using combined data without exposing training records to other participants.

Scale context: An online retailer and a streaming media platform participate in a Clean Rooms collaboration to evaluate whether customers who subscribed to the streaming service in the prior 90 days showed different purchase behavior at the retailer. The retailer contributes transaction records; the streaming platform contributes subscription records. Neither party sees the other's raw customer data. The query result shows purchase uplift metrics for the shared audience segment. Both parties' customer databases contain personal data — names, email addresses, purchase histories, viewing histories — that are contributed to the Clean Rooms environment and analyzed together, even though the raw records are not exchanged.

ESC status: AWS Clean Rooms is not in the AWS European Sovereign Cloud service catalog. A service designed specifically for collaborative analysis of sensitive personal data from multiple organizations operates without ESC-level data residency and operator access restrictions.

GDPR Issue 1 — Art. 26: Every Clean Rooms Collaboration Is a Joint Controller Arrangement

GDPR Art. 26 requires that when two or more controllers "jointly determine the purposes and means of processing" personal data, they must enter into a formal arrangement specifying their respective responsibilities for compliance with GDPR obligations — particularly obligations toward data subjects. AWS Clean Rooms, by its design, creates joint controller relationships that require Art. 26 agreements, and AWS provides no tooling to help you establish or document those agreements.

The joint controller determination: When two organizations participate in a Clean Rooms collaboration, they are jointly determining the purposes and means of processing personal data. They have agreed to combine their datasets for a specific analytical purpose (measuring campaign overlap, evaluating audience affinity, analyzing patient outcomes). They have jointly decided that the data will be processed in AWS Clean Rooms (the means of processing). They have agreed on the analysis rules that govern what queries can be run. This is the definition of joint determination of purposes and means — it is not controller-processor processing, and it is not independent parallel processing.

What Art. 26 requires for each collaboration:

• A formal arrangement (binding contract or agreement) between all participant controllers
• Clear allocation of data subject rights obligations: which controller handles Art. 15 (access), Art. 16 (rectification), Art. 17 (erasure), Art. 18 (restriction), Art. 20 (portability) requests for data subjects whose records appear in the collaboration
• The essence of the Art. 26 arrangement must be made available to data subjects
• Each controller remains liable to data subjects for the performance of obligations under the arrangement

The multi-party scaling problem: AWS Clean Rooms allows collaborations with more than two participants. A retail consortium with five member companies all contributing purchase data to a shared analytics environment creates a five-party joint controller arrangement requiring Art. 26 agreements between all parties. The combinatorial complexity of allocating responsibilities among five controllers — who handles erasure requests for a customer who appears in three of the five contributing datasets? — scales with the number of participants. AWS Clean Rooms manages the technical architecture of the collaboration. It provides no mechanism for establishing, storing, or documenting the Art. 26 agreements that the collaboration requires.

The AWS-as-processor layer: AWS is a data processor for all participants (it processes each participant's data under their instructions via the Clean Rooms service). But the joint controller relationship is between the participants themselves — AWS is not a party to it. The Art. 26 agreement must be between the organizations participating in the collaboration, and each organization is responsible for ensuring the agreement exists before the collaboration processes personal data. In practice, organizations frequently stand up Clean Rooms collaborations, integrate their datasets, and begin running analysis queries without having established formal Art. 26 agreements — relying on AWS's "privacy-preserving" positioning as a substitute for the required inter-controller compliance documentation.

Data subject notification: GDPR Art. 14 requires that data subjects be informed when their personal data is collected from sources other than directly from them. A data subject whose purchase records at Retailer A appear in a Clean Rooms collaboration with Streaming Platform B is having their data combined with external records and analyzed in a new context — a processing activity that is likely beyond the scope of the privacy notice they received from Retailer A or Streaming Platform B. Art. 14 notification obligations for the collaborative processing must be satisfied, and the Art. 26 arrangement must specify which controller handles this notification. AWS Clean Rooms does not trigger or facilitate Art. 14 notifications.

GDPR Issue 2 — CLOUD Act: Combined Dataset Intelligence Is More Sensitive Than Either Source

The CLOUD Act allows US authorities to compel US-headquartered cloud providers to disclose data stored anywhere in the world, including in EU-based AWS regions. For AWS Clean Rooms, the CLOUD Act exposure operates at a qualitatively different level than single-organization cloud processing: the intelligence derivable from combined datasets from multiple organizations is substantially more sensitive — and substantially more valuable to adversarial actors — than either contributing dataset alone.

The combinatorial exposure: Each participant in a Clean Rooms collaboration contributes personal data that, in isolation, reveals limited information about the subjects. The streaming platform's subscription records show who subscribes, when, and at what price tier. The retailer's transaction records show who buys, what products, and at what frequency. Neither dataset alone reveals the relationship between media consumption and purchasing behavior. The Clean Rooms collaboration makes that relationship visible — and the query results that reveal it represent combined analytical intelligence that neither party could produce independently.

What CLOUD Act compelled disclosure reaches: Under CLOUD Act, a US law enforcement agency can compel AWS to produce:

• The query results generated within a Clean Rooms collaboration (the combined intelligence)
• The metadata about the collaboration (which organizations participate, what analysis rules are in place, what queries have been run)
• The query history (revealing what questions the participants asked about the combined dataset)
• The configured table definitions (revealing what personal data each participant contributed)
• Potentially the underlying data in S3 or Redshift backing each configured table, accessible via existing AWS access mechanisms

The query history is particularly sensitive. A pharmaceutical company and a health insurer running 200 queries over six months against their combined patient dataset have generated a detailed record of what health-outcome correlations they were investigating. That query history, compelled under CLOUD Act, reveals confidential research priorities, commercial strategies, and analytical hypotheses that neither organization intended to disclose.

The multi-sector exposure in health and financial data: AWS Clean Rooms is actively marketed for healthcare data collaboration (linking claims data with clinical records for outcomes research), financial services (linking transaction data with credit data for risk modeling), and advertising technology (linking publisher data with advertiser data for attribution). All three sectors involve Art. 9 special category data (health data), highly sensitive financial data, and large-scale systematic processing of behavioral data. The combination of CLOUD Act exposure with the high-sensitivity nature of Clean Rooms use cases creates the precise scenario that EU data protection authorities have identified as requiring the highest level of protection — systematic, cross-controller analysis of sensitive personal data operated by a US-jurisdiction provider.

The ESC gap for collaborative intelligence: Because Clean Rooms is not in the ESC catalog, the enhanced operator access restrictions that limit AWS employee access to ESC services do not apply to the collaborative environment. The query results — the combined intelligence from multiple organizations' personal data — are stored in AWS-managed infrastructure under standard access policies. For collaborations involving Art. 9 health data, the absence of ESC-level protections for the combined analytical output represents a significant compliance gap.

GDPR Issue 3 — Art. 22: Collaborative Analysis Without Attribution Feeds Automated Decisions

GDPR Art. 22 prohibits subjecting data subjects to decisions based solely on automated processing that produce significant effects on them, unless Art. 22's conditions (explicit consent, contractual necessity, or EU law authorization) are met and appropriate safeguards are implemented. AWS Clean Rooms creates an Art. 22 exposure through the pipeline from collaborative analysis to automated decision-making.

The typical pipeline: An insurer and a healthcare network collaborate in Clean Rooms to analyze correlations between lifestyle retail purchasing patterns (insurer's credit card partner data) and claims frequency (insurer's own claims data), linked against the healthcare network's patient records. The analysis identifies purchasing patterns predictive of specific health conditions. The insurer then uses these purchasing-pattern signals as features in its automated underwriting model. The underwriting model makes coverage and pricing decisions affecting individual policyholders.

The data subject whose retail purchase records appear in the Clean Rooms collaboration — and whose purchasing patterns influenced the underwriting model's features — is subject to an automated decision (insurance pricing or coverage determination) that is materially affected by the collaborative analysis. But they are not aware that their purchase data was used in the Clean Rooms collaboration, they were not given the opportunity to object, and the causal chain from "my purchase of product X contributed to a feature in the underwriting model via a Clean Rooms collaboration I was never told about" is not visible to them.

The attribution collapse problem: In a multi-party Clean Rooms collaboration, the query results that drive downstream decisions do not carry provenance information identifying which contributor's data generated which analytical signal. The combined analysis output — "customers with characteristic X show Y% higher claims frequency" — does not identify whether the X characteristic came primarily from participant A's dataset, participant B's dataset, or the combination of both. When this combined output feeds automated decision-making systems, the causal attribution chain required for Art. 22 compliance (identifying the processing that generated the relevant output) breaks down.

Clean Rooms ML and Art. 22: AWS Clean Rooms ML allows training Look-alike models on combined datasets. A trained Look-alike model is an automated system that, when presented with a new individual's characteristics, assigns a probability score representing that individual's similarity to a target audience. This probability score is frequently used to make automated decisions about which marketing messages, financial product offers, or content recommendations to show that individual. A Look-alike model trained on a Clean Rooms collaboration between a bank and a retailer, used to score individuals for credit card offer targeting, is an automated decision-making system built on multi-party collaborative personal data analysis. The Art. 22 obligations — impact assessment, human review mechanism, data subject rights to explanation — apply to the model's outputs, and the Art. 26 arrangement between the bank and the retailer must specify who is responsible for satisfying them.

GDPR Issue 4 — Art. 17: Derived Insights Survive Contributor Data Deletion

GDPR Art. 17 grants data subjects the right to erasure of their personal data. AWS Clean Rooms creates a structural erasure gap: when a data subject's records are deleted from a contributing participant's source dataset, the analytical insights derived from that data in prior Clean Rooms queries remain with the other participants.

The insight retention problem: Participant A and Participant B run 150 queries over three months against their combined dataset in a Clean Rooms collaboration. The query results — aggregated statistics, audience overlap percentages, behavioral correlations — are stored by the query runner (Participant B). Participant A then receives an Art. 17 erasure request from a data subject whose records were included in the collaboration's source data. Participant A deletes the individual's records from their configured table in S3. The deletion satisfies Participant A's erasure obligation for the raw source records.

But Participant B retains the 150 query results that were derived from the combined dataset including the deleted individual's records. Depending on the aggregation threshold configured in the analysis rules, those query results may or may not reflect the deleted individual's specific contribution — but if they were generated before the deletion, they represent analytical insights derived from personal data that no longer exists at source. GDPR Art. 17 does not automatically extend to derived analytical outputs held by third parties. Participant B has no Art. 17 obligation to delete their query results because the Art. 17 right belongs to the data subject against the controller, and Participant B (as a joint controller) received the results lawfully under the collaboration arrangement.

The Art. 26 arrangement gap: Handling Art. 17 erasure requests across a joint controller arrangement requires the Art. 26 agreement to specify: what happens to query results retained by the query runner when a contributing participant deletes data? Do query results need to be invalidated? Does the query runner need to re-run queries on the reduced dataset? Who bears the cost and operational burden of post-deletion query invalidation? AWS Clean Rooms provides no technical mechanism for "invalidate all query results that included records from this data subject" — that cross-participant coordination must be established in the Art. 26 arrangement and implemented operationally.

The Clean Rooms ML erasure problem: If a Look-alike model has been trained on a combined dataset through Clean Rooms ML, and a data subject whose records were in the training data submits an Art. 17 erasure request, the erasure obligation extends to the trained model (if it is possible that the model encodes information about the individual). Machine unlearning — removing the influence of a specific training record from a trained model — is technically complex and not supported by AWS Clean Rooms ML. The standard response (retraining the model without the deleted individual's records) requires re-running the entire Clean Rooms collaboration, which may be operationally impractical and which requires coordination with all participating controllers under the Art. 26 arrangement.

GDPR Issue 5 — Art. 35: DPIA Is Mandatory for Systematic Cross-Controller Data Combination

GDPR Art. 35 requires a Data Protection Impact Assessment before processing that is "likely to result in a high risk to the rights and freedoms of natural persons." EDPB guidelines identify several processing characteristics that individually trigger a DPIA recommendation; combining multiple triggers in a single processing operation makes a DPIA mandatory. AWS Clean Rooms collaborations typically combine at least three of these triggers simultaneously.

The DPIA triggers in a typical Clean Rooms collaboration:

Trigger 1 — Systematic combination of data from multiple sources (EDPB criterion 8): EDPB guidelines explicitly identify "combining or matching data from multiple sources" as a criterion that recommends DPIA. A Clean Rooms collaboration combining two organizations' customer datasets is textbook criterion 8 processing. When this combination involves large-scale processing (criterion 4 — large scale processing of sensitive data) and systematic evaluation of personal aspects of natural persons (criterion 1 — evaluation or scoring), all three criteria are met simultaneously. The EDPB's general rule is that processing meeting two or more criteria requires a DPIA. Three simultaneous triggers make a DPIA not just recommended but obligatory under most DPA guidance.

Trigger 2 — Processing of special category data at scale (EDPB criterion 4): Healthcare Clean Rooms collaborations (linking claims with clinical records), financial data collaborations (linking credit records with transaction data), and behavioral analytics collaborations (linking advertising data with subscriber profiles that may include inferred health or political opinions) involve Art. 9 special category data or data that can be combined to infer Art. 9 attributes. Large-scale processing of special category data is one of the DPIA triggers listed explicitly in Art. 35(3)(b).

Trigger 3 — Evaluation and profiling (EDPB criterion 1): Clean Rooms collaborations are typically designed to evaluate data subjects — measuring which customer segments respond to marketing, which patients show specific outcome correlations, which subscribers exhibit specific behavioral patterns. Systematic evaluation of personal characteristics of natural persons to make inferences about them triggers a DPIA recommendation under EDPB criterion 1.

The DPIA scope challenge: A DPIA for a Clean Rooms collaboration must cover the processing performed by all participants jointly — not just the processing performed by the organization conducting the DPIA. An organization conducting a DPIA for its participation in a Clean Rooms collaboration cannot fully assess the risks of the collaborative processing without understanding what the other participant(s) are doing with the query results. The DPIA must address the entire joint controller arrangement, including the downstream uses of analytical outputs by other participants, the data subject rights mechanisms across the arrangement, and the risks arising from the combined dataset intelligence rather than from each participant's individual dataset.

AWS Clean Rooms does not facilitate DPIA documentation, does not provide risk assessment tooling for collaborations, and does not require participants to document the DPIA before activating a collaboration. The technical barriers to standing up a Clean Rooms collaboration are low — an AWS account, a Glue Data Catalog table, and an invitation to another account. The GDPR barriers are substantial and frequently not implemented.

EU Alternatives to AWS Clean Rooms

Decentriq (EU-Sovereign Clean Room Platform)

Decentriq is a Swiss privacy-enhancing technology company that provides a clean room platform built specifically for EU data sovereignty requirements. The Decentriq platform uses confidential computing — hardware-level Trusted Execution Environments (Intel SGX) — to ensure that even Decentriq's own operators cannot access the data inside a collaboration. Data is encrypted in transit and at rest, and the TEE provides cryptographic attestation that code running inside the enclave is the expected code and that no unauthorized parties can access the underlying data.

EU alignment advantages: Decentriq is headquartered in Zurich, Switzerland (EU adequacy decision in place). The platform is designed from the ground up with GDPR compliance as a core requirement, not an afterthought. Decentriq provides Art. 26 agreement templates for collaboration participants, DPIA documentation support, and explicit data protection agreements designed for EU regulatory requirements. The confidential computing architecture addresses the CLOUD Act concern at the technical layer: data inside a TEE is encrypted in a way that prevents access even by the hardware operator, creating a technical barrier that is stronger than contractual commitments alone.

Use cases: Healthcare outcomes research (pharmaceutical companies, health insurers, clinical research organizations), financial services risk modeling (banks, credit bureaus, payment processors), advertising attribution (publishers, advertisers, DSPs), retail collaboration (category management, supplier analytics).

Self-hosting consideration: Decentriq is a managed platform. Organizations requiring full on-premises deployment for the most sensitive use cases (classified health data, regulated financial data) can deploy the open-source confidential computing stack (Intel SGX + GRAMINE) to build custom clean rooms on EU-sovereign infrastructure.

BastionAI / Concrete ML (Zama, French)

Zama is a French cryptography company that builds open-source homomorphic encryption and federated learning tools. Their Concrete ML library enables machine learning on encrypted data — models can be trained and inference can be run without ever decrypting the underlying data. For Clean Rooms use cases involving ML model training (equivalent to Clean Rooms ML), Concrete ML provides a cryptographically sound alternative that operates entirely within EU-sovereign infrastructure.

Technical approach: Fully Homomorphic Encryption (FHE) allows computation on encrypted data. A model trained with Concrete ML operates on ciphertexts — it never sees the plaintext personal data. The query results (model outputs) can be decrypted only by the party holding the decryption key. This provides a stronger privacy guarantee than AWS Clean Rooms' access-control-based approach: even if an adversarial actor gains access to the computation environment, they cannot read the underlying data because it was never decrypted.

EU deployment: Concrete ML is open-source (Apache 2.0 license) and can be deployed on any EU-sovereign infrastructure — Hetzner, Scaleway, OVH Cloud, or on-premises. No US-jurisdiction cloud provider is involved.

OpenMined PySyft (Open-Source Federated Learning)

OpenMined is a non-profit organization that builds open-source privacy-preserving machine learning tools. PySyft is their Python library for federated learning and privacy-preserving data science. In a PySyft architecture, data never leaves the owner's infrastructure — instead, model training occurs locally on each participant's data, and only model gradients (not raw data) are exchanged to aggregate learning across participants.

Clean Room equivalent: PySyft's Data Owner/Data Scientist model directly implements the Clean Rooms use case: a data scientist submits queries against a data owner's dataset, but the data owner controls what queries are allowed and what results are returned. Multiple data owners can participate in a federation. The data owner reviews and approves query requests before execution, maintains full control over their data, and receives only the analytical results.

EU deployment: PySyft is open-source (Apache 2.0) and can be self-hosted on EU-sovereign infrastructure. OpenMined provides Syft Grid, a managed federated learning infrastructure for organizations that want a hosted solution without managing the infrastructure themselves. European healthcare and research consortia use PySyft for multi-site clinical trial data analysis and federated genomics research.

Self-Hosted Approach: PostgreSQL + Row-Level Security + Purpose-Limited DB Users

For organizations whose Clean Rooms use case is primarily SQL-based analytics (audience overlap measurement, attribution analysis, behavioral correlation), a self-hosted PostgreSQL deployment with Row-Level Security (RLS) and purpose-limited database users can replicate the core Clean Rooms access control model on EU-sovereign infrastructure.

Architecture: Each participant's data is imported into separate schemas within a shared PostgreSQL database. Row-Level Security policies enforce that each participant's data is only visible to authorized queries. Purpose-limited database users are created for each collaboration query type — an "attribution_analysis" user that can execute specific pre-approved queries against the combined schema but cannot access raw individual records. Views that enforce aggregation minimums (equivalent to Clean Rooms' aggregation analysis rules) are created for each collaboration.

EU sovereign deployment: PostgreSQL is open-source and can be deployed on any EU infrastructure. Hetzner Cloud (German, GDPR-compliant), Scaleway (French, EU-sovereign), OVH Cloud (French, ISO 27001 + GDPR) provide managed PostgreSQL services with EU data residency guarantees, no US-jurisdiction exposure, and Art. 28 processor agreements appropriate for personal data processing.

Limitation: This approach requires more operational work than managed Clean Rooms. The access control model (RLS policies, purpose-limited users, aggregation-enforcing views) must be implemented and maintained manually. It does not provide cryptographic guarantees against a database administrator with full access rights. For collaborations involving Art. 9 special category data, additional technical measures (encryption at the field level using pgcrypto, audit logging, access monitoring) are advisable.

AWS European Sovereign Cloud: Clean Rooms Is Not in the Catalog

AWS Clean Rooms is absent from the AWS European Sovereign Cloud service catalog. This means:

No enhanced operator access restrictions for collaborative intelligence: The query results generated within a Clean Rooms collaboration — the combined analytical intelligence from multiple organizations' personal data — are stored in AWS-managed infrastructure under standard AWS operator access policies. ESC-level commitments (AWS employees with relevant EU residency and clearance requirements, technical barriers to unauthorized access, enhanced contractual commitments) do not apply.

No ESC-level data residency for the collaboration environment: The Clean Rooms service infrastructure — the query engine, the access control layer, the result storage — operates outside the ESC framework. For organizations that have selected eu-west-1 (Ireland) or eu-central-1 (Frankfurt) for data residency, the absence of ESC coverage for Clean Rooms means the collaborative processing layer lacks the enhanced residency guarantees applied to their other AWS workloads.

The governance documentation gap: Organizations conducting GDPR Art. 35 DPIAs for Clean Rooms collaborations must document the absence of ESC coverage as a processing risk factor. The risk assessment must address the question: "What is the residual risk from operating the combined-dataset analytical environment outside the ESC framework?" For collaborations involving Art. 9 special category data, this residual risk is likely to require either compensating technical controls (supplementary encryption, tokenization of the contributing datasets) or, in high-risk assessments, a conclusion that the processing cannot proceed on the current technical architecture.

Migration Path: Clean Rooms to EU-Sovereign Collaborative Analytics

Step 1 — Catalog your existing Clean Rooms collaborations. Identify all active collaborations: participating organizations, contributing datasets, query patterns, and downstream uses of query results. This catalog is the prerequisite for both the Art. 26 agreements (which must be established for each collaboration) and the Art. 35 DPIA (which must be conducted before the collaboration continues).

Step 2 — Establish Art. 26 arrangements. For each collaboration, execute formal Art. 26 joint controller agreements with all participating organizations. The agreements must allocate data subject rights responsibilities (which controller handles Art. 15/17/20 requests for subjects appearing in the collaboration), specify the retention period for query results held by each party, and address the erasure-of-derived-insights question explicitly.

Step 3 — Conduct DPIAs. Conduct DPIA for each collaboration that meets two or more EDPB criteria (systematic combination, large scale, special category data, profiling). Document the CLOUD Act risk and the absence of ESC coverage as risk factors. If the DPIA identifies high residual risk that cannot be mitigated by compensating controls, the collaboration must either migrate to a privacy-enhancing technology (Decentriq/PySyft/Concrete ML) or be suspended.

Step 4 — Migrate query patterns to EU-sovereign alternatives. For collaborations where DPIA assessment indicates unacceptable residual risk on AWS Clean Rooms, migrate to Decentriq (for managed clean room capabilities with hardware-level guarantees), OpenMined PySyft (for ML-based collaboration with full self-hosted EU deployment), or a self-hosted PostgreSQL RLS architecture (for SQL-based analytics with EU-sovereign infrastructure).

Step 5 — Update Art. 30 records and privacy notices. Each existing Clean Rooms collaboration represents a processing activity that must appear in Art. 30 Records of Processing Activities documentation for both controllers. Privacy notices for data subjects whose records participate in collaborations must be updated to describe the collaborative processing and the Art. 26 joint controller arrangement.

Conclusion

AWS Clean Rooms provides technically sophisticated privacy-preserving collaborative analytics. The cryptographic access controls that prevent raw data sharing between participants are real and valuable. The "privacy-preserving" positioning accurately describes what Clean Rooms does at the data exchange layer.

What it does not do is satisfy the GDPR obligations that arise from the collaboration itself. Every Clean Rooms collaboration is a joint controller arrangement requiring Art. 26 agreements. Every collaboration combining multiple organizations' personal data at scale is likely subject to a mandatory Art. 35 DPIA. The CLOUD Act reaches the combined analytical intelligence generated within the collaboration — intelligence more sensitive than any single contributor's dataset. Art. 17 erasure requests create structural cross-controller coordination obligations that Clean Rooms provides no tooling to resolve. And Clean Rooms' absence from the AWS European Sovereign Cloud catalog means the collaborative environment operates without the enhanced protections that ESC provides for the rest of an organization's AWS workloads.

Decentriq, BastionAI's Concrete ML, and OpenMined PySyft address the same collaborative analytics use cases with architectures that are EU-sovereign by design, built with EU regulatory requirements as a starting premise rather than a compliance checkbox. For organizations processing sensitive personal data in collaborative analytics contexts — healthcare, financial services, advertising — the migration from AWS Clean Rooms to EU-sovereign alternatives is both a compliance improvement and a reduction in the complex inter-controller obligations that the current architecture creates.

sota.io deploys your container workloads — including custom analytics infrastructure — on EU-sovereign servers, giving you data residency control without the managed-service compliance trade-offs.