Privacy

32442 readers

604 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

To Privacy Advocates! (help.cricut.com)

submitted 5 days ago* (last edited 5 days ago) by [email protected] to c/[email protected]

8 comments fedilink hide all child comments

Cricut’s Design Space enforces automatic cloud syncing of user files, even those stored "locally." This raises serious GDPR concerns, especially when files contain personal data like client details, addresses, or sensitive info, undermining user control and privacy.

What steps can we take to push Cricut toward GDPR compliance and respectful data handling? Would regulatory complaints or organized campaigns for local-only storage options make a difference?

Looking forward to your thoughts and strategies!

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 5 days ago (1 children)

When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.

Are we assuming personal data includes anything uploaded to the cloud? Like the .svg files? Because that is likely not personal data, at least it's not all personal data by default.

Personal data is any information that relates to an identified or identifiable living individual (data subject). Different pieces of information, which together can lead to the identification of a particular person, may also be considered personal data.

Source: https://commission.europa.eu/law/law-topic/data-protection/data-protection-explained_en

So I would think what details are associated with one's account, and what sort of encryption and control of the .SVG files plays a part.

As for what you can do if you think your rights under GDPR haven't been respected, you can boycott them or file a complaint or file a legal action.

IMO, unless you could show your data specifically was mismanaged and exposed to someone who should not have had it, I would be skeptical of the success of any lawsuit. Obligatory, not a lawyer.

[–] [email protected] 2 points 5 days ago

Thank you for your valuable insights! I agree that complaints, legal claims and boycotts are valid approaches to push for accountability.

Online accounts are not part of the primary purpose of acquiring the device. When purchasing a vinyl cutter or printer, users do not initially agree to a software license which is enforced later on with changing terms over time. Additionally, SVG files created with Cricut are expected to contain private information about third parties, such as addresses and messages, since the tool is designed for creating personalized items like cards and invitations. This raises serious data privacy concerns, as those individuals have not consented to their data being processed by Cricut, violating GDPR principles related to consent and purpose limitation.