What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://www.salesforce.com/company/legal/privacy/', 'difficulty': 'MODERATE', 'action_type': 'EXPORT_DATA', 'instructions': "Visit Salesforce's privacy page to find instructions for submitting a data access or portability request. EU customers may submit requests under the EU Data Act for access, transfer, or deletion of their data.", 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has jurisdiction over unfair or deceptive data practices and consumer protection issues related to data rights and privacy for US-connected users.', 'complaint_url': 'https://reportfraud.ftc.gov/'}

What is the severity of this clause?

ConductAtlas classifies this EU Data Act — Customer Data Rights clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

EU Data Act — Customer Data Rights — Salesforce

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for Salesforce Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

As of September 12, 2025, the EU Data Act gives Salesforce customers in the EU the right to access, transfer, or delete their data, providing more control and flexibility over how their information is used.

ⓘ

This analysis describes what Salesforce's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The clause operationalizes EU Data Act compliance mechanisms, establishing procedural requirements for data access, portability, and customer control rights that affect how Salesforce manages and provides access to customer-generated data within its systems.

Consumer impact (what this means for users)

EU customers now have enforceable rights to request access to, portability of, and deletion of their data held by Salesforce under the EU Data Act. This directly affects data sovereignty and the ability to switch providers without losing access to business data.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Export Your Data

Visit Salesforce's privacy page to find instructions for submitting a data access or portability request. EU customers may submit requests under the EU Data Act for access, transfer, or deletion of their data.

How other platforms handle this

Mistral AI Medium

Customer shall: Comply with its obligations under the Applicable Data Protection Law regarding the Processing and any instruction provided to Mistral AI, Provide notice and obtain all consents and rights required by the Applicable Data Protection Law for Mistral AI to Process Personal Data as part o...

GitHub Medium

If you are a California resident, you have specific rights under the California Consumer Privacy Act and California Privacy Rights Act. These rights include the right to know what personal information is collected, the right to delete personal information, the right to opt out of the sale or sharing...

Datadog Medium

If you are a California resident, you have certain rights with respect to your personal information under the California Consumer Privacy Act (CCPA). These rights include the right to know about the personal information we collect, use, disclose, and sell; the right to request deletion of your perso...

See all platforms with this clause type →

Monitoring

Salesforce has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

The EU Data Act (Regulation 2023/2854), effective September 12, 2025, imposes mandatory data portability and deletion obligations on data holders like Salesforce. Compliance teams should assess whether Salesforce's data processing agreements and DPAs have been updated to reflect these obligations and confirm that data egress procedures are operationally in place.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Watcher free for 14 days

Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.

Applicable agencies

FTC

The FTC has jurisdiction over unfair or deceptive data practices and consumer protection issues related to data rights and privacy for US-connected users.
File a complaint →

Applicable regulations

Connecticut Data Privacy Act Amendments

US-CT

CAN-SPAM

United States Federal

FTC Act Section 5

United States Federal

GDPR

European Union

Indiana Consumer Data Protection Act

US-IN

Kentucky Consumer Data Protection Act

US-KY

Universal Opt-Out Mechanism Expansion 2026

VPPA

United States Federal

Provision details

Document information

Document

Salesforce Terms of Service

Entity

Salesforce

Document last updated

May 5, 2026

Tracking information

First tracked

March 20, 2026

Last verified

March 20, 2026

Record ID

CA-P-001081

Document ID

CA-D-00201

Evidence Provenance

Source URL

https://www.salesforce.com/company/legal/agreements/

Wayback Machine

View archived versions →

Content hash (SHA-256)

dd68fa13ea513cad91d5fcff3c9c4476934d9726eff425734ba869cc8a6cce2e

Analysis generated

March 20, 2026 06:17 UTC

Methodology

summarize_document-v7

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Salesforce
Document: Salesforce Terms of Service
Record ID: CA-P-001081
Captured: 2026-03-20 06:17:00 UTC
SHA-256: dd68fa13ea513cad…
URL: https://conductatlas.com/platform/salesforce/salesforce-terms-of-service/eu-data-act-customer-data-rights/
Accessed: May 20, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

Privacy Policy and Data Protection medium
Customer Agreements Framework medium
Website Terms of Service low
DMCA and Intellectual Property Infringement Claims low
Ethical and Humane Use of AI medium
Partner and Alliance Agreements low

Professional Governance Intelligence

Need to monitor specific governance provisions?

Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Professional free trial

Or start with Watcher →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Salesforce's EU Data Act — Customer Data Rights clause do?

How does this clause affect you?

Is ConductAtlas affiliated with Salesforce?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Salesforce.