Every so often, I am surprised at the outcome of an interaction like this. I replied to the new volunteer coordinator and expressed my displeasure, that I did not consent to transferring any of my personal info to that US company, and that they should just continue emailing me directly.

Usually at this point, I get weaselly or misinformed answers: "Oh, it's nothing" "Oh, it's not personal information, it's just your name, email address, location..." "But they have a privacy policy" [1] "Oh, I hadn't read their TOS or privacy policy, but I'm sure they would never ..."

Not this time. Their response, slightly distilled, was "We will continue emailing you directly as requested."

I set a low bar when it comes to expecting organizations to understand privacy issues, but every so often someone actually clears it. Makes a nice change.

[1] I'm not sure why [2] most companies even write a long, convoluted privacy policy when they all seem to contain "We reserve the right to make any changes to this policy at any time without notice or consent", and therefore the entire policy could be replaced with the sentence "We'll do what we want with your data, and we might tell you about it afterwards if we feel like it."

[2] A rhetorical device. Of course we all know the actual reason is to ensure no one will read the policy before agreeing to it.

#law #agreement #lawyer #privacy #policy #ContractOfAdhesion #PrivacyPolicy