The digital age has a lot to offer. One of those offerings is cloud storage. Cloud Storage is becoming is very convenient and replaces the hard drives and their corruption. Which leads to data loss. Uploading the user data on Dropbox makes it accessible from anywhere unlike a hard drive.

Users prefer Cloud storage over hard drive storage because:

• No need to physically possess a storage device.
• Cloud storage makes it easy to share content from anywhere. Just sharing a Dropbox folder with a co-worker can make them access the content within it.

Below mentioned is the legal framework that Drop box adheres to while processing the user’s data:

Dropbox adheres with the EU-US and Swiss-US Privacy Shield Frameworks for data protection. It is put forward by the US Department of Commerce. These frameworks lay down the process of collection, use and retention of personal data.

Data collected by Dropbox is subject to the EU Data protection laws i.e. General data protection regulation (GDPR).

What is Dropbox?

It is a platform offering various cloud storage options (Online storage) for an individual to a large company. It is personal cloud storage or online backup service used frequently for file sharing and collaboration.

What does it do?

• Allows storing everything (from photos, videos, to large CAD files and PowerPoint presentations).
• Allows sharing these files with anyone (even the people who do not have a dropbox account). Through a link. Such a link allows the user to share anything from photos and videos to zipped folders and large CAD files with anyone. Even if the receiver does not a dropbox account.
• Provides updates: Any sort of addition, edition, deletion, or movement of their file can be seen by the user. As Dropbox updates the user of such activity. These changes can be seen by everyone with whom the user shares the file.
• Protects data: If the user loses the device in which the user’s Dropbox account is logged in. A feature called remote wipe allows the user to clear all the files and folders from the missing device’s Dropbox account.
• Recovery of files: If the user deletes a file. The file is recoverable. Dropbox stores such deleted files for 30 days to 180 days for dropbox users.

Let us know a bit about the information the user shares and the privacy the user enjoys while using the Dropbox cloud storage service.

What is the information that Dropbox collects from the user?

• Account information: Like the user’s name, email address, phone number, payment information, and physical address.
• User’s files and folders: As drop box is designed to store files, documents, photos, comments, messages, etc. To make that possible. Dropbox stores, processes, and transmit those files along with the information related to them. Which are:
  • Profile information.
  • The time it was uploaded.
  • Usage activity. (Sharing, editing, viewing, creating, and moving files and folders). And the information about the collaborators.
• Device information: Dropbox collects information about the device of the user, from which he accesses the service. Which are:
  • IP addresses.
  • Type of browser.
  • The web page is visited by the user before using dropbox services.
  • Location information. Depending upon the settings of the device.

Other than collecting this information for providing better services. Company collects information for their legitimate business needs. In case of use of information for other purposes. The company obtains consent in advance from the user.

Who else can access the information that the user shares with Dropbox?

Dropbox says that they may share the information mentioned below. But they don’t sell it to third parties.

• Trusted third parties: There are certain trusted “third parties” used by dropbox to provide customer support and IT services. Dropbox says that they share users’ personal information with these third parties. And claims to be responsible for the usage of such information.

Trusted third parties include:

• Other users: Other users have access to the User’s information like name, profile picture, device, email address, and usage information. After the user shares any file with them or collaborates with them.

When a user uses certain third-party services, Does the third party makes the user’s information available to others?

When a user uses other applications. Such as when a user tries to connect a Dropbox account to third-party services line Dropbox APIs. He enables Dropbox and such third parties to exchange information about him and data in his account, and the use of such information by the third party is governed by their privacy policies and terms of service. It is beyond the jurisdiction of Dropbox.

Does Dropbox enjoy Privacy?

Dropbox mentions that it may disclose the user’s information to third parties for maintaining law & order and public interest. If Dropbox considers such disclosure reasonable and necessary to:

 (a) Comply with the law, regulation, legal process, or appropriate governmental request.

(b) Protect any person from death or serious bodily injury.

(c) Prevent fraud or abuse of Dropbox or users.

(d) Protect Dropbox’s rights, property, safety, or interest.

(e) Perform a task carried out in the public interest.

How long can DropBox retain users’ data?

As long as the account exists. If the user deletes the account. Dropbox initiates the deletion of such information after 30 days. Other than the given time, there can be:

• Delay in deleting such information from the server and backup storage.
• Retention of this information if the company thinks it is necessary to comply with their legal obligations, dispute resolution, or enforcement of their agreements.

Does the user has control and access over his data and information?

The user has control over the collection, usage, and sharing of his data and information. Such as:

• The user can delete the data from his dropbox.

• User can make corrections to his data. Through accounts settings.

While residing in North America (the United States, Canada, and Mexico), Dropbox, Inc. acts as a service provider. For all other users, Dropbox International Unlimited Company acts as a controller of users’ data.

Do Dropbox shares users’ data with Government agencies?

• By Informing users when the government requests their information. But a non-disclosure order from the court prohibits the company to give notice to the affected user. In case there is no non-disclosure order. Dropbox informs the user after the order expires.
• Only the request which is limited to specific people and legitimate investigations is allowed.
• By restricting the government from installing backdoors into online services for obtaining users’ data. (No tapping)

What is the procedure for such disclosure of data and information to the government?

First, law enforcement sends a request to Dropbox for user information, through a search warrant or subpoena.

Then, Dropbox analysis such requests, for their legal and procedural soundness.

At last, if Dropbox thinks the request is valid. They notify the user (unless there is a non-disclosure order from the court). And eventually provides an encrypted copy of the information in the specified legal process.

Dropbox also mentions that if there is reorganization, merger, acquisition, or sale of their assets. User’s data may be transferred as part of that deal. They intend to notify the users (for example, via a message to the email address associated with their account) of any such deal.

REFERENCES

• Dropbox privacy policy, PRIVACY POLICY (Oct. 12. 2020, 09:30 AM), https://www.dropbox.com/privacy.
• The drop box privacy policy, DROPBOX (Oct. 12, 2020, 10:00 PM), https://help.dropbox.com/accounts-billing/security/privacy-policy-faq.
• Transparency overview, DROPBOX (Oct. 12, 2020, 10:30 PM), https://www.dropbox.com/transparency
• Transparency, DROPBOX (Oct. 12, 2020, 11:00 PM), https://www.dropbox.com/business/trust/privacy/transparency
• Dropbox privacy policy, DROPBOX (Oct. 12, 2020, 11:30 PM), https://www.dropbox.com/privacy2019