The policy states that personal data may be transferred internationally, including to the United States, and that Miro relies on Standard Contractual Clauses or other approved transfer mechanisms to authorize such transfers for EU and UK users.
This analysis describes what Miro's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the legal mechanism for cross-border data transfers, which is a material compliance consideration for EU and UK enterprise customers following Schrems II and the EU-US Data Privacy Framework.
Interpretive note: The specific transfer mechanisms and their current status were not confirmed in the truncated document text; this reflects known Miro policy structure.
Newly explicit provision addressing cross-border data transfer mechanisms and compliance with frameworks like SCCs, indicating potential changes to global data flow practices.
View full change record →Under this provision, personal data of EU and UK users may be transferred to the United States and other jurisdictions, with Standard Contractual Clauses or equivalent mechanisms serving as the transfer basis; the adequacy of these mechanisms depends on the transfer impact assessments Miro has conducted.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Your personal information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction.
Your personal information may be transferred to, stored, and processed in the United States or other countries outside of your country of residence, which may have data protection laws that are different from those in your country.
Monitoring
Miro has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
1) REGULATORY LANDSCAPE: International data transfers from the EU/EEA and UK engage GDPR Chapter V, UK GDPR transfer provisions, and the EU-US Data Privacy Framework. The European Data Protection Board and national supervisory authorities have issued guidance on transfer impact assessments following the Schrems II ruling. Miro's reliance on SCCs requires current versions and may require supplementary measures depending on destination country risk assessments. 2) GOVERNANCE EXPOSURE: Medium. EU and UK enterprise customers should verify that Miro is using the current EU Commission-approved SCC clauses (adopted June 2021) and has conducted transfer impact assessments for US transfers. Organizations in regulated industries may face heightened scrutiny from supervisory authorities. 3) JURISDICTION FLAGS: EU/EEA and UK users face the highest exposure. Organizations subject to sectoral regulations (financial services, healthcare, public sector) may have additional restrictions on international data transfers that require assessment against Miro's transfer framework. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise DPAs should specify the transfer mechanisms applicable to board content. Procurement teams should request evidence of transfer impact assessments and confirm that subprocessor transfer mechanisms are documented in the subprocessors list. 5) COMPLIANCE CONSIDERATIONS: Data protection officers should verify that the SCCs in the Miro DPA are the current approved versions, request transfer impact assessments if not already provided, and assess whether the EU-US Data Privacy Framework adequacy decision applies to Miro's US processing entities.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the legal mechanism for cross-border data transfers, which is a material compliance consideration for EU and UK enterprise customers following Schrems II and the EU-US Data Privacy Framework.
Under this provision, personal data of EU and UK users may be transferred to the United States and other jurisdictions, with Standard Contractual Clauses or equivalent mechanisms serving as the transfer basis; the adequacy of these mechanisms depends on the transfer impact assessments Miro has conducted.
ConductAtlas has identified this type of provision across 55 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Miro.