EU, UK, and Brazilian users should know their data may be transferred to the US or other countries with different privacy protections, though Bluesky states it uses legally recognized transfer mechanisms to protect that data.
Medium · Medium Privacy Policy
Users in the EU and other countries with strong data protection laws should be aware that their data is transferred to a jurisdiction where equivalent legal protections may not apply, which affects what remedies are available if data is mishandled.
This provision establishes the legal basis for cross-border transfers of EEA, Swiss, and UK personal data to the US and other jurisdictions, but does not specify which SCC module is in use or identify the supervisory authority overseeing the transfer.
Netflix · Netflix Privacy Statement
International data transfers from the EU/EEA and UK to countries without an adequacy decision require specific legal mechanisms under GDPR and UK GDPR; the policy's reference to transfer mechanisms indicates reliance on Standard Contractual Clauses or equivalent arrangements that are subject to ongoing regulatory scrutiny.
This provision establishes that user personal data is shared across Telegram's corporate group, including entities in jurisdictions without an EU adequacy decision, relying on Standard Contractual Clauses as the transfer mechanism. The adequacy of SCCs for transfers to the BVI and UAE requires ongoing assessment under GDPR guidance.
GitHub · GitHub Copilot Business Privacy Statement
ISO/IEC 42001:2023 is the first international standard specifically addressing AI management systems, and its disclosure is directly relevant to organizations assessing GitHub Copilot under emerging AI governance regulations including the EU AI Act.
Diversity information, which may include characteristics protected under federal or state law, is collected from job applicants and retained for recruitment statistics purposes; applicants should understand what they are disclosing and how it may be used.
Joint controller status under GDPR means both companies share legal responsibility for compliance with data subject rights, and users should be aware they may need to direct certain requests to both entities rather than just one.
This means your data may flow to financial companies outside Bank of America's corporate family for co-branded or partner marketing without any opt-out right available to you.
The provision creates distinct contractual relationships based on user location, which may affect applicable regulatory frameworks, liability structures, and data processing obligations since different legal entities operate under potentially different regulatory regimes (EU/EEA regulations for the Ireland entity, UK regulations for UK users, and other jurisdictions for remaining users).
Your ability to control Amazon's use of your personal data depends heavily on where you live, and users outside California, the EU, UK, or Brazil may have substantially fewer enforceable rights under this notice.
This provision establishes operationally distinct rights regimes for users based on geography, with California and EU or UK users having the most specific enumerated rights. The practical availability of these rights depends on Ancestry's implementation of compliant request and response mechanisms.
The provision operationalizes Coinbase's compliance framework with GDPR, CCPA, and related privacy statutes by explicitly recognizing and establishing procedures through which users in covered jurisdictions may exercise statutory rights over their personal information. This structure clarifies the company's obligations under applicable regulatory schemes and defines the scope of user entitlements.
This clause establishes the organizational framework for jurisdiction-specific privacy compliance. It signals that Ticketmaster's privacy obligations and user rights are determined by the applicable laws in each user's market rather than a single uniform standard across all operations.
Fitbit · Fitbit Privacy Policy
These rights are only available to users in specific jurisdictions, meaning the majority of global Fitbit users may have significantly fewer enforceable rights over their health data depending on where they live.
This provision conditions the availability of privacy rights on the user's jurisdiction, meaning the scope of rights available to a given user depends on their location and the applicable legal framework rather than a uniform global standard.
TikTok · TikTok Privacy Policy
Keystroke pattern collection can be used for behavioral profiling or identity inference beyond standard usage analytics; clipboard access may expose text or images copied from other apps that users did not intend to share with TikTok.
AI conversation data may include sensitive academic questions, personal disclosures, or learning difficulties that users share in an educational context, and the use of this data to improve AI models raises questions about retention, access, and whether child users' conversations receive appropriate protections.
The agreement states that Binance.US collects and retains personal information including identity verification data, and that this information may be retained after account closure, which means users cannot fully remove their personal data from the platform by closing their account.
Wise's identity verification process involves sharing your personal data with third-party verification services, and providing inaccurate information can result in account suspension or closure.
Ticket sellers face a significantly higher level of identity verification and data collection than buyers, including government ID and tax information, because Ticketmaster's payment processing obligations under financial regulations require KYC compliance for money transfers.
Roblox · Roblox Privacy and Cookie Policy
This provision discloses that Roblox shares user information with law enforcement and government authorities, a practice with significant implications for user privacy and for compliance with legal process obligations under applicable law. The provision is newly added as of the April 2026 effective date.
Stripe · Stripe Privacy Policy
Payment processors handling financial transaction data are commonly subject to law enforcement requests including subpoenas, court orders, and regulatory demands, and the policy's disclosure of government sharing is relevant to consumers whose financial data Stripe holds.
As a home security company, SimpliSafe holds detailed records of who enters and exits your home, when alarms trigger, and potentially video footage of your residence, all of which could be subject to law enforcement requests.
This provision authorizes Bluesky to share your data, including unencrypted direct messages, with law enforcement or government agencies based on the company's good faith belief, which extends beyond strictly legally compelled disclosures.
This provision establishes conditions under which personal data may be disclosed to government or law enforcement entities, including a discretionary determination by AWS that disclosure is reasonably necessary for operational or terms enforcement purposes. The discretionary element extends beyond mandatory legal compliance to include AWS-initiated disclosures, which may be relevant to enterprise customers evaluating data confidentiality.
Uber · Uber Privacy Notice
This provision authorizes Uber to disclose personal data including trip records, location history, and account information to law enforcement or government agencies without requiring a court order in all circumstances, relying instead on Uber's own assessment of whether disclosure is 'in accordance with' applicable law.
Gemini · Gemini Privacy Policy
As a cryptocurrency exchange with KYC and AML obligations, Gemini is subject to regulatory requirements to report suspicious activity and respond to lawful requests for user data from government authorities.
This provision authorizes disclosure of personal data to government and law enforcement entities without specifying whether OpenAI provides notice to affected users or applies additional safeguards such as requiring a warrant.
Meta · Llama API Terms of Service
This provision applies to developers and their associated account data, meaning that information about a developer's app usage, data practices, and platform activity may be disclosed to government authorities under circumstances Meta determines are appropriate.