Cross-Border Data Transfer to China-Based Parent

What it is

Your personal data, including video footage and account information, may be transferred to and stored in China, where Eufy's parent company Anker is based.

Why it matters (compliance & governance perspective)

Data transfers to China are subject to Chinese data law requirements including the Personal Information Protection Law (PIPL) and potential government access obligations that differ materially from EU GDPR or US privacy frameworks, which may affect what protections apply to your data.

Consumer impact (what this means for users)

Video footage, biometric data, and account information collected by Eufy devices may be stored or processed in China, where different legal protections apply and Chinese authorities may have access rights under Chinese national security law.

What you can do

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: Cross-border data transfers from the EU/EEA to China are governed by GDPR Chapter V, which requires adequate safeguards such as Standard Contractual Clauses (SCCs) given that China does not have an EU adequacy decision. China's PIPL imposes its own requirements on outbound data transfers, including security assessments for large-scale transfers of personal information. The UK GDPR and International Data Transfer Agreements apply for UK users. The policy's assertion that 'adequate protection' is ensured without specifying the transfer mechanism creates compliance ambiguity for EU and UK users. GOVERNANCE EXPOSURE: High for EU and UK users. The absence of explicit disclosure of the transfer mechanism (SCCs, binding corporate rules, or adequacy decision) used for EU-to-China transfers is a notable gap. Chinese national security laws, including the National Intelligence Law, may require Chinese companies to cooperate with intelligence requests in ways that cannot be contractually prevented, creating a structural tension with GDPR transfer requirements that has been flagged by EU data protection authorities. JURISDICTION FLAGS: EU/EEA and UK users face the highest exposure given GDPR and UK GDPR transfer restrictions. US users should be aware that data stored in China may be subject to Chinese government access that differs from US legal process requirements. The policy does not specify which data categories are transferred internationally versus stored locally. CONTRACT AND VENDOR IMPLICATIONS: Enterprise or government purchasers of Eufy devices should conduct a data residency assessment before deployment, particularly for sensitive environments. Procurement teams should seek clarification on whether local storage options exist and whether data processing agreements can be structured to limit international transfers. COMPLIANCE CONSIDERATIONS: Legal teams should request specific documentation of the transfer mechanisms used for EU and UK data transfers to China, verify whether SCCs have been executed and supplemented with a transfer impact assessment, and assess whether local storage modes available in Eufy devices effectively prevent international transfer or merely cache data locally before syncing.

Applicable agencies

Applicable regulations

Provision details

Other risks in this policy

• Facial Recognition and Biometric Data Collection high
• Third-Party Advertising and Analytics Data Sharing high
• Video Footage Collection and Cloud Storage high
• Children's Data and COPPA Compliance medium
• California Resident Rights Under CCPA medium
• Data Retention Policy medium

Related Analysis

• Meta Removed 438 Sentences From Its Privacy Policy. Here Is What Disappeared.

  ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.

• 23andMe Is Bankrupt. What Happens to Your DNA Now?

  Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.