The policy states that personal information may be shared or transferred in connection with a merger, asset sale, financing, or acquisition of Medium, including during the negotiation phase of such transactions, with user notification described as prominent notice or direct communication.
This analysis describes what Medium's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that personal data may be disclosed to prospective acquirers or transaction counterparties prior to deal completion, which creates data exposure outside Medium's direct operational relationships and may engage GDPR requirements for lawful transfer basis during pre-transaction due diligence.
Removed specific scenarios (financing due diligence, reorganization, bankruptcy, receivership, transition of service) and affiliate entity references, now covers only mergers, asset sales, and acquisition scenarios.
View full change record →The agreement authorizes transfer of personal information to third parties involved in corporate transactions, including during negotiation phases, which may result in personal data being processed by entities not yet bound by Medium's privacy commitments.
How other platforms handle this
In the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, your personal data may be transferred to a successor entity or third party as part of that transaction.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Medium has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.— Excerpt from Medium's Medium Privacy Policy
1. REGULATORY LANDSCAPE: GDPR Article 6 requires a lawful basis for data transfers in M&A contexts; legitimate interests may be asserted but must satisfy a balancing test. CCPA requires that successor entities honor existing privacy commitments or provide notice and choice. The FTC has issued guidance on data transfers in business transactions. 2. GOVERNANCE EXPOSURE: Medium. The inclusion of 'negotiations' as a trigger for data sharing means personal data may be disclosed to prospective acquirers who are not yet contractually bound to Medium's privacy standards, creating a window of reduced oversight. 3. JURISDICTION FLAGS: EU users have heightened exposure because GDPR's lawful basis requirements apply to M&A due diligence data disclosures, and supervisory authorities have scrutinized such transfers. California users retain CCPA rights that must be honored by any successor entity. 4. CONTRACT AND VENDOR IMPLICATIONS: Organizations with contractual data protection obligations toward their own users or customers should assess whether Medium's M&A transfer clause is compatible with their own downstream data protection commitments if Medium is a processing vendor. 5. COMPLIANCE CONSIDERATIONS: Legal teams should monitor for any announced corporate transactions involving Medium and evaluate whether updated privacy notices or consent mechanisms are required. EU data protection officers should assess whether the M&A transfer basis is documented in the ROPA.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that personal data may be disclosed to prospective acquirers or transaction counterparties prior to deal completion, which creates data exposure outside Medium's direct operational relationships and may engage GDPR requirements for lawful transfer basis during pre-transaction due diligence.
The agreement authorizes transfer of personal information to third parties involved in corporate transactions, including during negotiation phases, which may result in personal data being processed by entities not yet bound by Medium's privacy commitments.
ConductAtlas has identified this type of provision across 23 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Medium.