Check out any privacy policy that says they will never share or sell your data; the two boilerplate exceptions are law enforcement and transfering ownership of the parent entity. Two pretty big loopholes.
Uhh those seem like two really small loopholes. Buying the whole company makes sense. What is the alternative, the purchasing company has to accept that they'll purge all user accounts?
Law enforcement.. What do you want them to do? Turn down a legal court order and say "naaa"?
> Uhh those seem like two really small loopholes. Buying the whole company makes sense. What is the alternative, the purchasing company has to accept that they'll purge all user accounts?
Why not? The alternative is to allow a business model, in which you start a company with the sole purpose of vacuuming up data and delivering it to highest bidder by getting acquired.
> What is the alternative, the purchasing company has to accept that they'll purge all user accounts?
Have a transition window (say 3 months) before the sale goes into effect where users get to choose to either keep the account and allow the new owner access to the data, or to have their data destroyed. After that window, data from anyone who didn't respond gets deleted.
This led me to look up Honey's own privacy policy and I do not see such a disclaimer regarding change of ownership, in fact it specifically references what they can share with PayPal. [0]
>We know how important your personal data is to you, so we will never sell it. We'll only share it with your consent or in ways you'd expect (as we explain here). That means we will share your data if needed to complete your purchase, with businesses who help us operate Honey, or if we are legally required to do so.
>We may also share information in the following cases:...with our parent company, PayPal, Inc. and affiliates and subsidiaries it controls, but only for purposes allowed by this Privacy Policy;
So that sounds like commercial use of personal data is specifically protected with regards to the new parent. The policy does specify they can share your data in an "aggregate or anonymized format" without any caveats, though.
Sure does still raise the question of what PayPal spent $4bn on. From what I can read online, online retailers see a lot of benefit from the way Honey incentivizes users to complete a purchase instead of abandon the cart.
That is the privacy policy that users agree to if they joined post acquisition (probably because Paypal doesn't expect to sell it at this time), which is different than the policy that users agreed to when they joined pre-acquisition. They may have been forced to accept the new policy post acquisition anyway.
I think the weasel is this nibble here:
> but only for purposes allowed by this Privacy Policy;
The privacy policy is between the user and Honey, not the user and PayPal, which implies they are still legally separate entities ("parent company"). Unless Honey has an agreement with Paypal that it can audit and enforce - which as a subsidiary, why would it want to - then once PayPal has the data, its actual use of it is governed by the privacy policy between the user and PayPal if there is an existing relationship or ???
It sounds like all Honey and Paypal need to do is find a half plausible justification from the PP for the data transfer; once it's handed over, Paypal is basically free to do whatever it wants.
