TomMacD89
7 years ago Explorer | Level 3
GDPR Compliance for Personal / Free Accounts
Hi, I work with various charities in the UK who often use free Dropbox accounts to share files for boards of trustees, teams etc. There is some confusion as to whether the GDPR compliance steps ...
- 7 years ago
Hi Tom
As somebody in the UK the biggest thing you need to make sure is that the end users whose data is being stored are aware of it being stored AND that it is stored outside of the EU. Same goes if they email things in; they need to know where those email servers are (e.g. Office365 = USA etc.).
aukevn
Helpful | Level 7
First of all a correction, I referred to the statement of Norah, not yours Mark, sorry.
Your situation is different than ours. We share sensitive information with our partners. We have a Business account but most of them can't afford it. Our lawyers state that our customers must also have a Data Processing Agreement with Dropbox, but with their Personal and Free accounts they can't unfortunately.
Cheers,
Auke
Mark
7 years ago Super User II
I'm afraid you are stuck then - and I doubt you'll get this with any organisation without paying massive amounts (because to do so is very labour intense).
If they are stating this make sure you are also investigating things like your email providers etc.
- louisebeattie 7 years ago Helpful | Level 5
I have been a paid Dropbox user for many years and when I first signed up my account type was called Pro and this was only changed last year. Pro to me meant professional and I do use it for business and I need a DPA in place with all of my providers who are data processors/store personal data.
As a long term paid client, on what I believed to be a Pro account, the Dropbox stance is extremely disappointing. It's not that I can't afford a business Dropbox account, however, it is the fact that the Business account doesn't fit my needs, I don't have a team of three and as a business owner there is no business sense in paying for a service that I don't require just to get a DPA in place when there are other providers who meet my requirements and offer a DPA.
I really do not understand Dropbox' logic in this. They are alienating many long-term paying clients because they have chosen not to implement something that could be done very easily and cost-effectively by adding the DPA as an addendum to the T&C.
I see no indication from Dropbox that they are re-considering this stance which leads me to assume that they are obviously not interested in having solopreneurs, freelancers etc as clients.
I have already found good alternatives and am already in the process of uploading my data, which is a pain with my slow internet connection, however, unless there is a change in policy soon I will be cancelling my account before renewal after 7 years as a happy client.
- aukevn 7 years ago Helpful | Level 7
I agree. It took me about 5 emails to get Dropbox support to say clearly that "yes, Basic and Personal accounts can't get a DPA". I have asked them to reconsider but as they try to get us on their Business accounts I don't expect them to change. When I asked if they could guarantee my data to be stored in Europe rather than the US their answer was that it can be negotiated if you have more than 250 users. Up there in the clouds..
- aukevn 7 years ago Helpful | Level 7
Sorry Ed, you can't state that you will meet all requirements. If you don't provide DPAs, you don't comply with the GDPR for any business using Free or Personal accounts to store personal data. No matter how many security measures you take or privacy policies you write.
One simple agreement would solve that but up to now your company is unwilling to provide this. It seems this is driven more by the desire for more profit than any technical reason, since you state that everything is in place by the GDPR.
- noerpol 7 years ago Helpful | Level 5
I am a Dropbox Plus customer, and I was searching everywhere on dropbox.com for the DPA. I couldn't understand why it was so difficult to find, until I finally found (stumbled upon) this thread.
I don't understand why a DPA is not available to ALL (or at least all paying) users, and why it is so difficult to get good valid information regarding acquiring a DPA from Dropbox.
GDPR clearly states that I need a DPA to be compliant with the law and for now the only solution seems to be an upgrade to business. As I really don't think I'll be able to afford that in the long run, I feel kinda let down by a service I have been using and promoting to others for many years :(
- aukevn 7 years ago Helpful | Level 7
As far as I can see, Dropbox could either provide a single person business account, or just make the agreement applicable to their other types of accounts. Maybe it is good business for them :sunglasses:
- aukevn 7 years ago Helpful | Level 7
Dropbox does that too, but only for Business Account holders with a minimum of 3 users. So even if you pay for a Personal account they don't provide anything and small one person businesses are toast.
- aukevn 7 years ago Helpful | Level 7
Thanks Norah, I really hope Dropbox will change this. Currently the statement that the Basic and Personal accounts comply with the GDPR is false.
Kind regards,
Auke
- aukevn 7 years ago Helpful | Level 7
The EU GDPR clearly states that you need a Data Processing Agreement with all those who process our data. Therefore businesses in Europe cannot use a Dropbox Free or Personal account to store personal data as Dropbox will not 'sign' such agreements with those customers. Our legal advisor confirms that and Dropbox has admitted this is the case and 'advises' to upgrade to a Business Account.
- Ed 7 years ago Dropbox Staff
Hi All
To add to that:
Our Dropbox Terms of Service and Privacy Policy govern Dropbox Basic, Professional and Plus products while our DPA is only applicable for Dropbox’s Business users. Additionally, Dropbox is bound by the language of the Privacy Policy with respect to Dropbox Business customers and the users on a Dropbox Business team.
While Data Processing Amendments are only for Dropbox Business customers, Dropbox will meet the requirements of the GDPR by May 25, 2018 as required across all its services, including Dropbox Basic, Plus, Pro, and Business.
- oobayly 7 years ago New member | Level 2
It does appear to be a cynical move by companies to force customers to pay more by only providing a DPA for business accounts (which will remain completely under utilised).
I store 1.8GB of data (most of which are PDF raster scans for our purchase ledger). I don't need 2TB, I don't need 3 users, I don't need API access. In fact I need very little of what Dropbox Business provides.
I use Dropbox to store documents in a manner that I can access from multiple locations, that's it. Rather than offering a simple solution to small businesses and sole traders who only need a single user, Dropbox are saying "Pay for our business solution, that you'll completely under-utilise", or don't use us at all.
I'll be opting for the latter, and not using it at all...