Privacy policy clauses for Akamai
Akamai is a content delivery network (CDN) and edge computing platform that caches and serves website content from servers located globally. Websites use Akamai to improve performance, reduce latency, and provide DDoS protection by routing user requests through Akamai's distributed infrastructure.
Free scan · No signup · Results in 60 seconds
What data Akamai collects
Your privacy policy must disclose each of the following data types when you use Akamai.
When does Akamai trigger privacy obligations?
Data flows that trigger obligations
The moment you route traffic through Akamai's edge network, your site or app begins collecting and transmitting IP addresses and HTTP request headers (User-Agent, Referer, Accept-Language, etc.) to Akamai's servers globally. This happens automatically—before any user interaction or consent.
Regulatory thresholds
GDPR (EU/UK/EEA users): IP addresses are personal data under GDPR Article 4(1). If your site receives traffic from EU residents, Akamai becomes a data processor. You must execute a Data Processing Agreement (DPA) compliant with GDPR Article 28 and ensure lawful basis exists (typically Article 6(1)(f)—legitimate interest in CDN performance/security). If you collect consent for analytics or advertising, request headers may reveal tracking intent.
CCPA (California users): IP address qualifies as personal information under CCPA Section 1798.100. California residents gain disclosure, deletion, and opt-out rights. You must update your privacy policy and honor consumer requests.
ePrivacy Directive (EU): Article 5(3) requires prior consent for non-essential cookies or tracking; Akamai does not set cookies by default, but if you layer analytics or security modules that do, disclosure becomes mandatory.
