Does 1Password fall under GDPR requirements and why?

Trishaelwood
Community Member

Can you give a few details on why?


Comments

  • AGAlumB
    1Password Alumni
    edited May 2018

    @Trishaelwood: Yes. Many of the facets of GDPR are inherent to our security design and implementation. 1Password has been and always will be Private by Design, and Private by Default, so it was just a matter of dotting our i's and crossing our t's, so to speak (e.g. lots of research and paperwork). You can find more details on our policies on our support site:

    AgileBits GDPR Statement

    We simply don't collect information or monitor our customers except to the extent that we must to provide service (i.e. you need to connect to our servers and sign in, pay for device, etc.)

    I hope this helps. Be sure to let us know if you have any other questions! :)

  • XIII
    Community Member

    The transfer of 1Password Service Data to the United States has not yet been shown to comply with Articles 44–50 of the GDPR, and therefore European users of 1Password.com must accept the risk of data transfers to the United States or use 1Password.ca or 1Password.eu.

    Can you please explain the risk of using .com for European users?

    Is there a way to convert from .com to .eu that keeps the Early Bird benefits?

  • Ben
    edited May 2018

    Can you please explain the risk of using .com for European users?

    Your (encrypted) data will be stored in the US and your customer data (name, email address, etc.) will be available to our US-based team members. One upside of this is that you’ll be able to get account-related assistance more quickly as more of our team is able to assist, but that is likely a small concern.

    Is there a way to convert from .com to .eu that keeps the Early Bird benefits?

    I’m not sure if the .EU and .CA instances have the Early Adopter special at all. Being based in the US I’m not able to check. But if you reach out to us at sales@1password.com we can put you in touch with someone who can better assist. :)

    Thanks.

    Ben

  • jpgoldberg
    1Password Alumni

    Can you please explain the risk of using .com for European users?

    We treat everyone's data the same (other than physical location). The only "risk" is that you may not have the legal protections that you otherwise enjoy as a European. If you feel that we are not treating your data appropriately in a way that you can't resolve directly with us, Europeans and Canadians can (and should) raise those issues with their appropriate regulatory authorities. Note that this isn't really a .com vs .eu issue. European users of .com can also go to their data protection regulators, but we ask that users of .com accept that their data is hosted in the US and that AgileBits personnel working in the US can see account information.

    We did not have to change anything substantive about our practices or design to comply with GDPR. From our inception, we followed a principle of privacy by design, so getting ready for GDPR has largely been about how to word and present things. The one actual data handling change we made was in recording "consent" and setting procedures for handling data erasure requirements. We are doing this across the board, including for .com users.

  • XIII
    Community Member

    If I decide to migrate, how much manual work is involved?

    (I’m especially worried about the many links I created between entries, as well as custom icons)

  • AGAlumB
    1Password Alumni

    @XIII: That's a very good question. It really depends on just how many links you've set up. All of them will be broken, since the items will have new UUIDs generated in the destination vault and be re-encrypted. It's certainly doable, and very straightforward to copy between accounts otherwise, but links do involve some manual work.

  • XIII
    Community Member

    Bummer. That will be a lot of work in my case...

    Ironic as well, since GDPR is also about data portability...

  • AGAlumB
    1Password Alumni

    I hear you. Unfortunately portability isn't the issue. Moving the data is the easy part; organizing it is a bit trickier... :(

  • telephoneman
    Community Member
    edited May 2018

    @XIII I moved to the EU platform a while ago. Just create a second EU account, add it to 1Password and then Move all items to the new one within the desktop app.
    At the time I did that, it was not possible to do that with documents or other attached files (I had to export and import them), and the links between items also got lost... (I don't know how this behaves in the current 1Password 7 release.)

  • AGAlumB
    1Password Alumni

    Thanks for sharing your experience! There aren't major changes to Document/link handling in 7.0, but we've got a long development cycle ahead of us with plenty more improvements to come. :)

  • tiantai
    Community Member

    Is the Right to be Forgotten available on your .com and .ca sites (a part of the EU's GDPR, right)?

  • AGAlumB
    1Password Alumni

    @tiantai: If you delete your account, all of the associated data will be purged, if that's what you mean. I'm not sure it's possible to be more forgotten than that. :)

This discussion has been closed.