Child Item

Can Dropbox’s trusted third party companies request to view the files in my account?

Section 10 of Dropbox’s privacy policy FAQ is headed - What categories of personal information are included in the information Dropbox collects and discloses to trusted third parties?

In that section it lists all elements including on a separate line - "Your stuff" is what you decide to store in your Dropbox account.

My question is - Can Dropbox’s trusted third parties – Google, Amazon, Teleperformance, Salesforce, Zendesk, Oracle America and Snapengage, request to view the files in my account?

If yes, on what basis can they make that request? Is the user notified of the request before it’s approved or denied? Can a trusted third party’s request be granted without a court order?

If trusted third parties do have access to my files, how are my files protected, if my account has a ‘backdoor’?

I appreciate I can give third-party apps, permission to access my account, but my question is specific to requests that might be made without a user's knowledge or permission, by one of Dropbox's trusted third parties.

Thank you in advance for any assistance.

Find more posts tagged with

Security

Disagree

Accepted answers

Walter

Thanks for the follow up @Thoughts - I appreciate the clarifications as well.

Well, basically, Dropbox does need to disclose limited data with third parties.

For example, Zendesk will have your email address and account information, as will SalesForce etc - we do not disclose the content of our customers files to our trusted 3rd parties.

Another example would be that Dropbox uses Amazon Web Services to store files of Dropbox team customers who want their files stored in Europe. We require these trusted third party service providers to process data based on our instructions and in compliance with our privacy requirements. Dropbox can’t provide its Services without using these third party service providers, so it’s not possible to opt out of data sharing with all third parties without deleting your account.

Like most major online services, Dropbox personnel will, on rare occasions, need to access users’ file content (1) when legally required to do so; (2) when necessary to ensure that our systems and features are working as designed (e.g., debugging performance issues, making sure that our search functionality is returning relevant results, developing image search functionality, refining content suggestions, etc.); or (3) to enforce our Terms of Service and Acceptable Use Policy.

Access to users’ file content is limited to a small number of people. We have strict policy and technical access controls that prohibit access to file content except in these rare circumstances. In addition, we use a number of physical and electronic security measures to protect user information from unauthorized access.

To sum it up, disclosing “your stuff” is not necessarily equal to giving 3rd parties access to view the content of “your stuff”.

I hope this clears things up!

All comments

Walter

Hey @Thoughts, thanks for using Dropbox and welcome to our Community.

To directly get to the chase, no, our trusted third parties will never request to view the files you've got stored on your account and even if access to your files was needed, it would be by our Support team for troubleshooting purposes on your account, only after your own request.

For more information on this, you can have a look here.

I hope this helps!

Thoughts

Hello Walter

Thank you for your kind reply.

Could you please clarify the meaning of the heading below taken from Dropbox's privacy policy FAQ

What categories of personal information are included in the information Dropbox collects and discloses to trusted third parties?

In that section everything about a user's account is listed, including their files.

The last sentence of section 10 of the Privacy Policy FAQ states - Dropbox has collected and disclosed the categories described above to trusted third parties in the preceding 12 months.

In your reply you said, our trusted third parties will never request to view the files you've got stored on your account. My question is, not will they, but can they? The FAQ clearly states they not only can, but have done exactly that!

There must be a legal reason why the privacy policy FAQ states that Dropbox collects and discloses that information to trusted third parties. If not, why is the policy FAQ written as it is? If a trusted third-party does not have any rights to view a user's account or files, why does the privacy policy state they do, and actually have been granted access to that information?

I completely understand Dropbox accessing users' accounts in the role of maintaining Dropbox's service, but that would not seem to apply to trusted third parties.

Furthermore, section 11 explains how requests for user's data are handled, but it mentions ...requests from users all over the world. It makes no mention of trusted third parties.

Sorry to be so exacting here, but what a trusted third party will or won't do isn't the issue. The question is why does Dropbox's privacy policy state that Dropbox collects and discloses that information to trusted third parties? And in the final sentence of section 10 states that, that is exactly what has happened in the last 12 months.

So I ask again, can a trusted third party request to see my account details and or my files? And if so, can that request be granted without my knowledge?

Thank you once again for your kind attention and time.

Walter

Thanks for the follow up @Thoughts - I appreciate the clarifications as well.

Well, basically, Dropbox does need to disclose limited data with third parties.

For example, Zendesk will have your email address and account information, as will SalesForce etc - we do not disclose the content of our customers files to our trusted 3rd parties.

I hope this clears things up!

Thoughts

Hello Walter

Thank you, I appreciate the clarification. I will continue using independent file encryption, where appropriate.