MattSM 11 Posted January 22 Share Posted January 22 Hello, Does anyone know the legal/privacy ramifications of this policy update? I opened my account from a country outside of the US, Canada, or Brazil (I'm in Switzerland), so my account was handled by Evernote's Swiss subsidiary. Now that it's apparently being migrated to a subsidiary in the US (along with everyone else who isn't based in the 3 aforementioned countries), what does that change? I'm not sure about the assurances of "no impact on your use of the Evernote Service", as I'm fairly certain privacy and data protection laws are different in the US. Any thoughts? Link to comment
Level 5* gazumped 11,772 Posted January 22 Level 5* Share Posted January 22 Hi. Evernote is as subject to European GDPR under the new rules as is the rest of the Bending Spoons group. Link to comment
krnlhkr 16 Posted January 27 Share Posted January 27 You kind of have to dig down into the weeds on this one. Quote When you sync your computing device with the Evernote Service, that data will be replicated on servers maintained in the United States. This means that if you store information in or submit data to the Evernote website or Evernote Software and sync such Evernote Software with the Evernote Service, you acknowledge your personal data will be transmitted to, hosted, and accessed in the United States. Data privacy laws or regulations in your home country may differ from, or be more protective than, those in the United States. We will collect, store, and use your personal data in accordance with this Privacy Policy and applicable privacy laws, wherever it is processed. I read "applicable privacy laws, wherever it is processed" to mean that when the data hits the US and is stored, they will follow US privacy laws. That would imply your data can be opened by court order (search warrant) or a request by a three-letter agency (e.g., NSA). Being in the US, everything I have on Evernote is also in my computer which is subject to the same laws, so it doesn't affect me, but it definitely may affect you. However, what does affect me is that the US has very liberal free speech laws like other places have very good privacy laws. Thinking about how their policy affects my free speech leads me to this: Quote You have control over who sees your Content. We limit the use of your Content to make sure that no one at Evernote can view it unless you expressly give us permission or it’s necessary to comply with our legal obligations. Specifically: .... If we become aware of a potential violation of the Terms of Service or User Guidelines, we may suspend or close your account until the problematic material is removed. Under such a circumstance, we would only look at the Content in your account if you give us consent or if necessary to comply with our legal obligations, including to protect the safety of you or any other person So Evernote can look at our content if "necessary to comply with our legal obligations" - i.e., the ToS and UG which are "legal obligations". And what do the user guidelines say? Quote You Won’t Use Shared or Public Notebooks to Post Objectionable Content. Don’t upload, publish or display Content that contains nudity, sexually graphic material or material that is otherwise deemed explicit by Evernote; that Evernote deems threatening, abusive, harassing, defamatory, libelous, obscene, invasive, hateful or racially, ethnically or otherwise objectionable; or that Evernote determines conflicts with your obligations under applicable local law or these User Guidelines. in other words, to comply with their "legal obligations" which by definition include ToS and UG (since those are part of the binding contract), Evernote could look at our data. If they find something "objectionable" that may be a problem for them. This isn't Evernote specific, but common to many services these days. Evernote has become the arbiter is what is objectionable. Illegal is one thing - this refers to "objectionable", and what determines "objectionable" is subject to Evernote's whim and ill-defined. So what interests me is that I can't say what I want in my notes if Evernote doesn't like it. 2 Link to comment
krnlhkr 16 Posted January 27 Share Posted January 27 On 1/22/2024 at 7:48 AM, gazumped said: Hi. Evernote is as subject to European GDPR under the new rules as is the rest of the Bending Spoons group. Working for a multi-national company based in the US but subject to GDPR laws for our European customers I can say this. My company has customer data servers in Europe specifically to comply with those laws. We have internal policies that we cannot transfer the data to the US. We have training every year to remind us that GDPR data needs special handling. If data is on a US server, if the US gov't wants it, it will probably get it. I don't think a US court is going to honor European law (nor would I expect a European court to honor US law). The data is now on US servers according to their policies. Hopefully Evernote will implement E2E encryption options on our notes. It won't help me much in the US because they'll just seize my computer, but should help European users if they are concerned. Link to comment
Evernote Expert agsteele 2,976 Posted January 27 Evernote Expert Share Posted January 27 If you are concerned about these changes you should consult a lawyer who specialises in contracts and privacy. It might be cheaper to find a service which offers you something you are at ease with. 1 Link to comment
AlbertR 571 Posted January 27 Share Posted January 27 1 hour ago, krnlhkr said: I read "applicable privacy laws, wherever it is processed" to mean that when the data hits the US and is stored, they will follow US privacy laws. Yep - but this has not been changed with the transfer to Bending Spoons. It has been subject of their rules all the time. 57 minutes ago, krnlhkr said: The data is now on US servers according to their policies. Data is stored on Google servers that might follow any tax law decisions to save money 😉. 57 minutes ago, krnlhkr said: Hopefully Evernote will implement E2E encryption options on our notes. E2E encryption between clients and server(s) is implemented. Nobody can linger on your data during transfers. But data is NOT encrypted on server site inside EN-sphere. There was a discussion around this before some years (*) because users enquired EN to simply encrypt all note content by default so that only users can manage it. IIRC EN refused to do so because it would be impossible to search note content on server site - and EN support would not have a chance to help on questions around content problems 🤔 (*) see for example: Crypting notebooks on server or local EN servers possible? - Evernote Teams Requests from 2016 as a follow-up of Evernote notebook encryption alternative - Evernote for Android Issues (2014) and some others Remarkable statement of @jefito found in last mentioned thread: Evernote *could* do full notebook encryption. They chose not to, awhile back. Maybe they'll change their mind in the future, maybe not. 1 Link to comment
Evernote Expert agsteele 2,976 Posted January 27 Evernote Expert Share Posted January 27 I should have added that there are regional specific terms relating to privacy. These include California and Europe. For Europe it says: Quote Europe Users residing in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland are afforded certain additional rights with respect to their personal data under applicable data protection laws, including Regulation (EU) 2016/679 – General Data Protection Regulation (“GDPR”). For the full text see: https://evernote.com/privacy/regional dated 1 January 2024 1 Link to comment
MattSM 11 Posted January 27 Author Share Posted January 27 Thank you, @agsteele — that's particularly helpful, since I'm based in Switzerland. 👍 Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now