You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
Thoughts
3 years agoExplorer | Level 4
Can Dropbox’s trusted third party companies request to view the files in my account?
Section 10 of Dropbox’s privacy policy FAQ is headed - What categories of personal information are included in the information Dropbox collects and discloses to trusted third parties?
In that section it lists all elements including on a separate line - "Your stuff" is what you decide to store in your Dropbox account.
My question is - Can Dropbox’s trusted third parties – Google, Amazon, Teleperformance, Salesforce, Zendesk, Oracle America and Snapengage, request to view the files in my account?
If yes, on what basis can they make that request? Is the user notified of the request before it’s approved or denied? Can a trusted third party’s request be granted without a court order?
If trusted third parties do have access to my files, how are my files protected, if my account has a ‘backdoor’?
I appreciate I can give third-party apps, permission to access my account, but my question is specific to requests that might be made without a user's knowledge or permission, by one of Dropbox's trusted third parties.
Thank you in advance for any assistance.
Thanks for the follow up Thoughts - I appreciate the clarifications as well.
Well, basically, Dropbox does need to disclose limited data with third parties.
For example, Zendesk will have your email address and account information, as will SalesForce etc - we do not disclose the content of our customers files to our trusted 3rd parties.
Another example would be that Dropbox uses Amazon Web Services to store files of Dropbox team customers who want their files stored in Europe. We require these trusted third party service providers to process data based on our instructions and in compliance with our privacy requirements. Dropbox can’t provide its Services without using these third party service providers, so it’s not possible to opt out of data sharing with all third parties without deleting your account.
Like most major online services, Dropbox personnel will, on rare occasions, need to access users’ file content (1) when legally required to do so; (2) when necessary to ensure that our systems and features are working as designed (e.g., debugging performance issues, making sure that our search functionality is returning relevant results, developing image search functionality, refining content suggestions, etc.); or (3) to enforce our Terms of Service and Acceptable Use Policy.
Access to users’ file content is limited to a small number of people. We have strict policy and technical access controls that prohibit access to file content except in these rare circumstances. In addition, we use a number of physical and electronic security measures to protect user information from unauthorized access.
To sum it up, disclosing “your stuff” is not necessarily equal to giving 3rd parties access to view the content of “your stuff”.I hope this clears things up!
- WalterDropbox Staff
Hey Thoughts, thanks for using Dropbox and welcome to our Community.
To directly get to the chase, no, our trusted third parties will never request to view the files you've got stored on your account and even if access to your files was needed, it would be by our Support team for troubleshooting purposes on your account, only after your own request.
For more information on this, you can have a look here.
I hope this helps!
- ThoughtsExplorer | Level 4
Hello Walter
Thank you for your kind reply.
Could you please clarify the meaning of the heading below taken from Dropbox's privacy policy FAQ
What categories of personal information are included in the information Dropbox collects and discloses to trusted third parties?
In that section everything about a user's account is listed, including their files.
The last sentence of section 10 of the Privacy Policy FAQ states - Dropbox has collected and disclosed the categories described above to trusted third parties in the preceding 12 months.
In your reply you said, our trusted third parties will never request to view the files you've got stored on your account. My question is, not will they, but can they? The FAQ clearly states they not only can, but have done exactly that!
There must be a legal reason why the privacy policy FAQ states that Dropbox collects and discloses that information to trusted third parties. If not, why is the policy FAQ written as it is? If a trusted third-party does not have any rights to view a user's account or files, why does the privacy policy state they do, and actually have been granted access to that information?
I completely understand Dropbox accessing users' accounts in the role of maintaining Dropbox's service, but that would not seem to apply to trusted third parties.
Furthermore, section 11 explains how requests for user's data are handled, but it mentions ...requests from users all over the world. It makes no mention of trusted third parties.
Sorry to be so exacting here, but what a trusted third party will or won't do isn't the issue. The question is why does Dropbox's privacy policy state that Dropbox collects and discloses that information to trusted third parties? And in the final sentence of section 10 states that, that is exactly what has happened in the last 12 months.
So I ask again, can a trusted third party request to see my account details and or my files? And if so, can that request be granted without my knowledge?
Thank you once again for your kind attention and time.
- WalterDropbox Staff
Thanks for the follow up Thoughts - I appreciate the clarifications as well.
Well, basically, Dropbox does need to disclose limited data with third parties.
For example, Zendesk will have your email address and account information, as will SalesForce etc - we do not disclose the content of our customers files to our trusted 3rd parties.
Another example would be that Dropbox uses Amazon Web Services to store files of Dropbox team customers who want their files stored in Europe. We require these trusted third party service providers to process data based on our instructions and in compliance with our privacy requirements. Dropbox can’t provide its Services without using these third party service providers, so it’s not possible to opt out of data sharing with all third parties without deleting your account.
Like most major online services, Dropbox personnel will, on rare occasions, need to access users’ file content (1) when legally required to do so; (2) when necessary to ensure that our systems and features are working as designed (e.g., debugging performance issues, making sure that our search functionality is returning relevant results, developing image search functionality, refining content suggestions, etc.); or (3) to enforce our Terms of Service and Acceptable Use Policy.
Access to users’ file content is limited to a small number of people. We have strict policy and technical access controls that prohibit access to file content except in these rare circumstances. In addition, we use a number of physical and electronic security measures to protect user information from unauthorized access.
To sum it up, disclosing “your stuff” is not necessarily equal to giving 3rd parties access to view the content of “your stuff”.I hope this clears things up!
About Security and Permissions
Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.
Need more support
If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!