Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has authority over deceptive disclosures about data sharing with affiliated companies and corporate parent entities under Section 5.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this Data Sharing with Affiliated Companies clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Data Sharing with Affiliated Companies — Poshmark

Share 𝕏 Share in Share 🔒 PDF

What it is

Poshmark can share all your personal data with related companies (including its parent company Naver Corporation) for any purpose described in this privacy policy.

Consumer impact (what this means for users)

Your personal information including purchase history, behavioral data, and contact details can be shared across Poshmark's entire corporate family — including Naver Corporation — potentially subjecting your data to different privacy standards and foreign jurisdictional access by government authorities.

Cross-platform context

See how other platforms handle Data Sharing with Affiliated Companies and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Following Poshmark's acquisition by Naver Corporation, this clause means your data can be shared with a large South Korean technology conglomerate and its subsidiaries, with different legal protections applying than under US or EU law.

View original clause language

We may share your information with our affiliates, meaning an entity that controls, is controlled by, or is under common control with Poshmark. Our affiliates may use the information we share in a manner consistent with this Privacy Policy.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: Cross-border data transfers to South Korea from the EU require adequacy decision or SCCs under GDPR Chapter V (note: South Korea received an EU adequacy decision in December 2021, but this must be maintained and specific transfer mechanisms documented). US-to-South Korea transfers are governed by PIPEDA equivalency assessments for Canadian users. CPRA does not restrict intra-corporate transfers but requires affiliate processing to remain within stated purposes. FTC Act Section 5 applies to deceptive representations about data sharing scope.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC has authority over deceptive disclosures about data sharing with affiliated companies and corporate parent entities under Section 5.
File a complaint →

Provision details

Document information

Document

Poshmark Privacy Policy

Entity

Poshmark

Document last updated

April 29, 2026

Tracking information

First tracked

April 28, 2026

Last verified

April 28, 2026

Record ID

CA-P-003757

Document ID

CA-D-00334

Evidence Provenance

Source URL

https://poshmark.com/privacy

Wayback Machine

View archived versions →

SHA-256

2cc924fa513a0bd8e9feec282ca6e11d838f46832da0f5416673dd4f3402c29f

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Poshmark | Document: Poshmark Privacy Policy | Record: CA-P-003757
Captured: 2026-04-28 05:49:19 UTC | SHA-256: 2cc924fa513a0bd8…
URL: https://conductatlas.com/platform/poshmark/poshmark-privacy-policy/data-sharing-with-affiliated-companies/
Accessed: May 2, 2026

Classification

Severity

Medium

Data Sharing with Affiliated Companies