I'm sure they could be doing better, but I notice that Amazon has a region in Frankfurt specifically to address German data protection concerns.
There are Amazon employees who could be ordered by the US of A to break German law and extract data from customers at the Frankfurt site. In my judgment, the chance of their being prosecuted in Germany would be indistinguishable from 100%, so the real question is, has Amazon set up its organization such that people who are safely in the US can access such data.
They'd immediately lose a large chunk of the EU customers that stored data in Frankfurt just because of EU data protection concerns. So I don't think AWS would take the risk of the USA being able to force an employee to disclose data.
I wonder if they already separate privileges between regions so one rogue employee can't take down all of their regions.
An Amazon employee told me that people outside govcloud (Amazon's special region for the US government) are/were technically prevented from accessing it, so the technical ability appears to be there.
There are Amazon employees who could be ordered by the US of A to break German law and extract data from customers at the Frankfurt site. In my judgment, the chance of their being prosecuted in Germany would be indistinguishable from 100%, so the real question is, has Amazon set up its organization such that people who are safely in the US can access such data.