Midjourney states that agreeing to this privacy policy and submitting your data constitutes your consent to transferring personal data across borders, including to jurisdictions with different data protection laws.
This analysis describes what Midjourney's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy asserts that consent to cross-border data transfer is established by a user's agreement to the policy itself; whether this mechanism satisfies GDPR Chapter V transfer requirements may require evaluation under applicable law, as the policy separately references use of standard contractual clauses for EEA, Switzerland, and UK users.
Interpretive note: The adequacy of policy-acceptance as a GDPR-compliant cross-border transfer consent mechanism is legally uncertain; the policy also references SCCs for EEA/UK/Switzerland users, creating ambiguity about which mechanism applies in practice.
The updated privacy policy removed language describing how Midjourney shares personal data, the security measures protecting that data, children's privacy safeguards, procedures for notifying users o…
Personal data may be transferred to and stored in countries with different data protection laws; the policy asserts that accepting the policy constitutes consent to this transfer, though EEA and UK users are also covered by standard contractual clauses as an additional transfer mechanism.
How other platforms handle this
By accessing or using the Services, you represent and warrant that: (a) you are at least 18 years of age or over the age of majority in the jurisdiction where you are a resident or citizen; and (b) your registration and your use of the Service is in compliance with any and all applicable laws and re...
YOU MUST BE AND HEREBY AFFIRM THAT YOU ARE AN ADULT OF THE LEGAL AGE OF MAJORITY IN YOUR COUNTRY OR STATE OF RESIDENCE. If you are under the legal age of majority, your parent or legal guardian must consent to this agreement.
We rely upon you to obtain any consents from your friends and contacts that may be required by law to allow us to access, upload, and use their personal information for this purpose. You or your friends or contacts may reach us at privacy@draftkings.com to request the removal of this information fro...
Monitoring
Midjourney has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in Your jurisdiction. Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.— Excerpt from Midjourney's Midjourney Privacy Policy
1) REGULATORY LANDSCAPE: Cross-border data transfers from the EEA, UK, and Switzerland are governed by GDPR Chapter V, UK GDPR, and Swiss Federal Act on Data Protection, which require a lawful transfer mechanism such as adequacy decisions, standard contractual clauses, or binding corporate rules. Consent as a transfer basis under GDPR requires freely given, specific, informed, and unambiguous consent that is separate from acceptance of general terms. The policy separately references SCCs for EEA/UK/Switzerland transfers, which partially mitigates exposure. Enforcement authorities include EU national DPAs, the UK ICO, and the Swiss FDPIC. 2) GOVERNANCE EXPOSURE: Medium. The assertion that acceptance of the privacy policy constitutes consent to cross-border transfer may not satisfy GDPR's standard for consent as a transfer mechanism, which requires the consent to be specific to the transfer and its associated risks. However, the policy's separate reference to SCCs for EEA/UK/Switzerland users provides an alternative lawful basis that reduces overall exposure for those user populations. 3) JURISDICTION FLAGS: EEA, UK, and Switzerland users face heightened exposure because GDPR and equivalent frameworks impose specific requirements for international transfers. US-based users are less affected by this provision. The adequacy of Midjourney's transfer mechanisms should be evaluated against current EU-US data transfer frameworks. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers in the EU or UK should confirm that their data processing agreements with Midjourney include executed SCCs or equivalent transfer mechanisms, and should not rely solely on the policy consent mechanism as the legal basis for transfers. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should verify that SCCs referenced in the policy are executed with all relevant data processors and sub-processors, that transfer impact assessments have been conducted where required, and that the policy's consent-as-transfer-basis assertion does not create a gap in the transfer mechanism documentation for EEA, UK, and Switzerland users.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy asserts that consent to cross-border data transfer is established by a user's agreement to the policy itself; whether this mechanism satisfies GDPR Chapter V transfer requirements may require evaluation under applicable law, as the policy separately references use of standard contractual clauses for EEA, Switzerland, and UK users.
Personal data may be transferred to and stored in countries with different data protection laws; the policy asserts that accepting the policy constitutes consent to this transfer, though EEA and UK users are also covered by standard contractual clauses as an additional transfer mechanism.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Midjourney.