| My attempt to extract the key changes: - Now collects IPs as "Personal Information" in addition to the previously-listed types - No longer claims that cookies do not contain Personal Information, and no longer claims that cookies are not tied to any form of Personal Information in their database (I'm guessing due to the first change, but not positive and not disclosed) - Adds language limiting the length of time they may hold Personal Information from previous "indefinitely" to current "as long as necessary according to applicable law" - Adds language limiting the terms of a user's "explicit consent" to collection of Personal Information - previously, usage was the entirety of consent, now consent is conditional upon DigitalOcean adhering "to the applicable law". - Hardens their commitment to not selling personal information from "will never intentionally" sell to "will not" sell - Adds relevant language throughout to adhere with EU-US Privacy Shield Principles, including a new section on the same. - Clarifies account deletion - even post-deletion they will retain email addresses and network logs, and possibly other Personal Information in cases where fraud or illegal activity has been determined by DigitalOcean or law enforcement. - Clarifies how to object to collection and disclosure of Personal Information; clarifies that such an objection will not affect service-level, transactional or legal communications. IANAL either, but hey. |