Your personal data may be stored and processed in the United States or other countries that may have different or less protective privacy laws than your home country. Using the service is treated as acknowledgment of this transfer.
This analysis describes what Runway's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
For EU and UK users, international data transfers to the United States require a lawful transfer mechanism under GDPR Chapter V, such as Standard Contractual Clauses. The policy's reliance on user acknowledgment through service use as a consent mechanism for transfers may not satisfy GDPR transfer requirements.
Interpretive note: The policy does not specify which GDPR-compliant international transfer mechanism Runway relies upon, creating uncertainty about the legal basis for transfers of EU and UK user data to the United States.
EU and UK users' personal data is transferred to and processed in the United States. Under GDPR, this transfer must be supported by an appropriate legal mechanism such as Standard Contractual Clauses; the policy does not describe which transfer mechanism Runway relies upon.
How other platforms handle this
Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law, such as by obtaining your consent, relying on the European Commission's adequacy decisions, or executing Standard Contractual Clauses. Where relevant, you may request a copy of ...
Customer authorized Mistral AI to transfer Personal Data to any country deemed to have an adequate level of data protection by the European Commission. Customer also authorizes Mistral AI to perform International Data Transfers to (a) on the basis of adequate safeguards in accordance with Applicable...
Personal data collected by Unity may be transferred to and processed in countries outside of the European Economic Area, including the United States, where data protection laws may differ from those in your country. Where we transfer personal data from the EEA or the UK, we rely on appropriate safeg...
Monitoring
Runway has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Runway is headquartered in the United States. Your personal data may be collected in, transferred to, and stored in the United States or another jurisdiction that is different from your home jurisdiction and that may not have the same data protection laws as your home jurisdiction. By using our Service, you acknowledge such transfer, storage and processing.— Excerpt from Runway's Runway Privacy Policy
1) REGULATORY LANDSCAPE: This provision directly engages GDPR Chapter V (Articles 44-49) on international data transfers, and UK GDPR equivalent provisions. Following the Schrems II decision by the Court of Justice of the EU, transfers to the United States require either reliance on the EU-US Data Privacy Framework (if Runway is certified), Standard Contractual Clauses with supplementary measures, Binding Corporate Rules, or another Article 46 mechanism. The policy does not specify which mechanism Runway relies upon. 2) GOVERNANCE EXPOSURE: Medium. The policy states that users acknowledge international transfers by using the service, but acknowledgment through continued use does not constitute a valid GDPR Article 49 derogation for systematic transfers. The absence of a disclosed transfer mechanism in the policy text creates a compliance documentation gap that supervisory authorities may scrutinize. 3) JURISDICTION FLAGS: EU member state supervisory authorities and the UK Information Commissioner's Office have enforcement jurisdiction over unlawful international transfers. Transfers involving special category data (which may include biometric data under GDPR Article 9) are subject to heightened transfer requirements. Switzerland-based users are subject to the revised Federal Act on Data Protection, which also has international transfer requirements. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers with EU or UK users should request documentation of Runway's international transfer mechanisms, particularly Standard Contractual Clauses or EU-US DPF certification. Data processing agreements should include transfer mechanism provisions and supplementary measures documentation. 5) COMPLIANCE CONSIDERATIONS: Runway's legal team should ensure the privacy policy is updated to disclose the specific transfer mechanisms relied upon for EEA and UK user data transfers. Data protection impact assessments may be required for transfers involving biometric or other sensitive personal data. Enterprise customers should conduct transfer impact assessments where required under their own GDPR obligations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
For EU and UK users, international data transfers to the United States require a lawful transfer mechanism under GDPR Chapter V, such as Standard Contractual Clauses. The policy's reliance on user acknowledgment through service use as a consent mechanism for transfers may not satisfy GDPR transfer requirements.
EU and UK users' personal data is transferred to and processed in the United States. Under GDPR, this transfer must be supported by an appropriate legal mechanism such as Standard Contractual Clauses; the policy does not describe which transfer mechanism Runway relies upon.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Runway.