
Privacy Policy on DigitalOcean - hetfeld
https://www.digitalocean.com/legal/privacy/
======
onli
While I'm not a fan of this and some parts of the privacy policy, I don't
think think the title is fair. What seems to have changed is that DO
implemented the Privacy Shield Framework,
[https://www.privacyshield.gov/welcome](https://www.privacyshield.gov/welcome).
This gives them the right to transfer data of EU-customers into the US, given
that some customer rights are preserved, without having to respect every
single law in every single EU-country.

However, they do reserve the right to use collected data _to pass sales leads
to one of our distribution partners_ , and that is something that sounds very
broad. This is one of those things that do not seem to be explicitly forbidden
by privacy shield, but totally collide with german law. I do not see how then
privacy shield can be legal in Germany, even if the EU commission did enact
that framework. I would expect that the german juridical system will block
this later on, but well, I'm an optimist – and I might be wrong here.

Still, for the submission title to stay like this, OP should point out what
exactly did change that warrants it.

~~~
matt4077
The "passing sales lead" bit isn't about selling you information to the
highest bidder. It's for when "it is necessary to fulfill your request". One
example would be ordering a domain name from them – where they have to pass
the information on to the registry.

~~~
onli
While you might be right, that does not follow from the structure of the
sentence:

 _DigitalOcean may share your information with contracted service providers if
sharing your information is necessary to provide a Service you have requested,
as part of a joint sales promotion or to pass sales leads to one of our
distribution partners, or to keep you up-to-date on product announcements,
software updates, special offers or other information._

Note the comma after the _Service you have requested_ , and the leading _or_.
I assume your interpretation is probably what they want to say, but it is not
what they do say, if I understand correctly what sale leads can be here.

Also note that [https://www.privacyshield.gov/article?id=My-Rights-under-
Pri...](https://www.privacyshield.gov/article?id=My-Rights-under-Privacy-
Shield) makes no statement in that regard, that sharing with third parties is
forbidden. Only that you can ask to be informed (how nice!). Mixing issues
here, the privacy shield seems to be a horrible framework for EU-customers,
while the DO privacy policy is probably alright. Besides, it is not like DO
has much information they could share.

------
unethical_ban
If only there were technology available to let us see the difference, let's
call that the "diff", of various versions of text, knowing what changed would
be a lot easier.

But I don't see where it's particularly egregious. It shares some data with
advertisers (surprise) and only to the extent required for ads and promotions.
And it says you can opt out, though it's via email.

~~~
revelation
DigitalOcean is an infrastructure company that charges for its services.

Do you expect your doctor to similarly "share your data" for "ads and
promotions"? No, because he's getting paid for services rendered.

~~~
bogomipz
I think you make an important point.

Its one thing if you are partaking in free service such FB or Google et al but
when you are exchanging money for good or services I think this crosses the
line. Recent examples of this I have seen are AT&T who sent out notice about
Customer Proprietary Network Information, basically selling your data even
though in the US you are likely paying AT&T > $100 a month. This blogs has the
actual notification:

[http://ivebeenmugged.typepad.com/my_weblog/2016/03/att-
cpni....](http://ivebeenmugged.typepad.com/my_weblog/2016/03/att-cpni.html)

Ditto for Verizon with their supercookies. In Verizon/AT&Ts case their
position seems to be "well Google and FB are doing it." and we need to
compete.

Another recent example was was ING now Voya Financial Services that manages a
401K retirement accounts sent out a notification to customers explaining that
they would be sharing your data with third parties.

This is really a disturbing trend. If the service is free then I think your
infomration is fair game but when I am paying for something it needs to be opt
in.

And almost without waver the reason these companies give for such actions is
"so we can provide yo with better service"

------
GrinningFool
Dear Digital Ocean,

Thank you for your transparency in this change. I received an email notifying
me of it. The policy itself is in a public repository - allowing me to see
exactly what changed. (Though to be honest, a link to the diff would be a
nice-to-have next time.)

I appreciate your forthrightness. After evaluating the changes further, I will
be making my decision about whether to continue making use of your services -
as I'm sure you would expect.

Sincerely,

A Customer

\----

Agree or disagree with the change, they were very up front with their
customers that it happened.

 _Edit: forgt sme lttrs. Also, too many words so I some._

~~~
al_chemist
Are they? I've received e-mail containing just "we've changed privacy policy.
Full text here". And they are required to do that, so it's not their choice.
So I tried to find diff or short blog post about it. I coudn't. I've found
this tread and HN user posted link to DO's github repository
([https://github.com/digitalocean/tos/commit/782ce59ec49a75fe2...](https://github.com/digitalocean/tos/commit/782ce59ec49a75fe2522076772513191bd0d2036?short_path=7e38e8d#diff-7e38e8dcb6d4e31a36d8cb78795190da))

Is it really transparent? Is it really worth the praise?

------
hoodoof
Is this different from other cloud providers?

------
hoodoof
And the government just takes all your private information without any terms
of service.

~~~
whamlastxmas
Of course there's a terms of service. It's "do what we say or you'll go to
prison".

------
onebot
Sorry DigitalOcean. Unsubscribe.

~~~
tylersmith
Since you clearly read the policy, I'm curious which parts specifically caused
you to unsubscribe and then narrate your actions for us.

~~~
bogomipz
Collecting IP addresses maybe?

------
bithive123
Maybe if they get enough email from their customer base they will add a self-
service opt-out feature.

