Which regulatory agencies enforce this type of clause?

{'agency': 'State_AG', 'reason': 'EU and UK users affected by cross-border transfer issues should contact their national Data Protection Authority; U.S. state AGs handle state-level consumer protection concerns.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this International Data Transfer — Consent by Access clause as high severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

International Data Transfer — Consent by Access — Craigslist

Share 𝕏 Share in Share 🔒 PDF

What it is

By simply using Craigslist, users outside the United States automatically agree to have their personal data transferred to and stored on servers in the U.S., regardless of their home country's privacy laws.

Consumer impact (what this means for users)

If you're located outside the U.S., your personal data — including name, email, phone, location, and device identifiers — will be moved to American servers where protections under GDPR or other local laws may not automatically apply.

Cross-platform context

See how other platforms handle International Data Transfer — Consent by Access and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

For users in the EU, UK, or other jurisdictions with strong cross-border data transfer restrictions, this provision may not provide a legally adequate basis for transferring their personal data to the U.S.

View original clause language

By accessing CL or providing us data, you agree we may use and disclose data we collect as described here or as communicated to you, transmit it outside your resident jurisdiction, and store it on servers in the United States.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: This provision implicates GDPR Chapter V (Art. 44–49), which prohibits transfers of personal data to third countries without an adequacy decision, appropriate safeguards (SCCs per Art. 46), or a derogation (Art. 49). The EU–U.S. Data Privacy Framework (adequacy decision, July 2023) may provide a transfer basis if Craigslist is certified, but this is not stated. UK GDPR Chapter V applies analogously for UK users. Enforced by EU member state DPAs and the UK ICO. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

State AG

EU and UK users affected by cross-border transfer issues should contact their national Data Protection Authority; U.S. state AGs handle state-level consumer protection concerns.
File a complaint →

Provision details

Document information

Document

Craigslist Privacy Policy

Entity

Craigslist

Document last updated

April 29, 2026

Tracking information

First tracked

April 18, 2026

Last verified

April 18, 2026

Record ID

CA-P-003028

Document ID

CA-D-00288

Evidence Provenance

Source URL

https://www.craigslist.org/about/privacy.policy

Wayback Machine

View archived versions →

SHA-256

49aa28b71b10e0d0bec19b6f3f93f0c4531195a7493b02e9912d2373afefc34c

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Craigslist | Document: Craigslist Privacy Policy | Record: CA-P-003028
Captured: 2026-04-18 11:53:39 UTC | SHA-256: 49aa28b71b10e0d0…
URL: https://conductatlas.com/platform/craigslist/craigslist-privacy-policy/international-data-transfer-consent-by-access/
Accessed: May 2, 2026

Classification

Severity

High

International Data Transfer — Consent by Access