Menu Close

IDAC General Privacy Policy

Last updated January 31, 2020

When we use personal information, we do so in a reasonable and responsible way, minimizing the type of information we collect and hold, the period of time we retain it, and the ways we use that information. This Privacy Policy covers all of our operations, including the use of our websites, information provided when filing complaints and obtained throughout investigations, and management of relationships with our supporters.


We are the International Digital Accountability Council (IDAC) and you can find our contact information below. If you have any questions about how we use personal information or any requests relating to your information, please send an email to


Generally, processing personal information is incidental to our operations. The categories of personal information we process on a regular basis may include names, professional affiliation, contact details, and communications submitted to us.

We also have access to some personal information of users accessing our websites (including information automatically collected, such as IP address, time of visit, number of visits, preferred language, and time spent on the website). Please see our detailed Website/Cookie Privacy Policy for more information.

We typically obtain personal information directly from individuals. In limited situations, we also use the information we observe when users visit our website, if cookies are available (see Website/Cookie Privacy Policy for more details), and when we receive information related to our newsletters, such as whether an email was opened (unless this tracking is blocked by the user).

In performing our core activities, we may also obtain the contact details and affiliation of organizations or professionals, including developers, from publicly available or other sources.


We use the personal information we collect and retain in the context of investigations and  related reporting, to send communications related to our work, and for other IDAC related efforts.

Our emails may include web beacons or similar technologies to track when recipients open the emails to provide us with analytics information about our email communications, such as if the email was opened. Please choose plain text email in order to decline this tracking.


Sometimes we may share personal information with our partners. This happens when we perform investigations or engage in initiatives jointly with other entities.

We may also share your information with third parties that are our vendors and process personal information on our behalf and for no other purposes. For example, we may use:

  • an email delivery service,
  • an email and virtual common workplace service provider,
  • a provider of cloud services,
  • an online conference system provider,
  • a Customer Relationship Management service provider,
  • an online registration service provider (for participation to events we organize).

All of these service providers are based in the US.

We will share your information with government authorities only if the law requires us to do so or, in the case of IDAC formal investigations, as determined appropriate to address or remediate investigation findings.


We keep personal data for as long as necessary to facilitate our work. The period of time varies.

Information specifically related to investigations, including initial complaint reports, supporting investigation documentation, and final reports may be retained indefinitely. 

We will retain our Newsletter subscriber information until we receive an opt-out request or our emails are reported as undeliverable. In these cases, we will remove the email address from our newsletter database.

We will store contact details of registrants for our events and may use this information to send notice of future events and other IDAC information, unless or until we receive a request to delete the information.


We implement appropriate technical and organizational security measures designed to protect the security of the personal information we process. Although we do our best to protect your personal information, please remember that no one can guarantee that the internet itself is 100 percent secure.


For any questions related to this privacy policy or to access, correct, update, or request deletion of your personal information, please e-mail


If you are in the EU or EEA and interact with us, the processing of your personal data (or personal information) may fall under the General Data Protection Regulation. This depends on whether your personal data is processed in the context of us providing you services or monitoring your behavior. In addition to all of the above information, the following is applicable to you as well:

Legal Basis and Purpose

Know that we are a controller in the processing of personal data in relation to conducting our activities. We process your personal data:

  • on the basis of consent when you subscribe to our newsletters, when you request to be included among our contacts, such as for future events, or to follow our activity, and when our website places non-essential cookies on your device,
  • on the basis of necessity to enter a contract or for the performance of a contract when you provide us information, such as to register for participation to the conferences and other events we organize,
  • on the basis of our legitimate interests to:
    • communicate with relevant representatives and organizations for the purpose of initiating and facilitating investigations; we can rely on this ground, since there is a clear expectation the relevant representatives of such organizations and those involved in ongoing investigations may be engaged in our activities and that we will communicate with them.
    • engage with relevant stakeholders to promote principled data practices in support of emerging technologies, we obtain and maintain your professional contact details, using them to contact you as one of our stakeholders; we’ve balanced your rights and our legitimate interest and we believe that the small amount of personal data we process, the type of data (your professional contact information and your affiliation), your probable expectation to be contacted in relation with your professional expertise, as well as your ability to opt-out of this processing at any time.

Your Rights

You have the right to obtain access, rectification, erasure, restriction of personal data, portability of personal data, and to object to the processing under the conditions and restrictions laid out in Chapter III of the GDPR. You can also withdraw your consent at any time, when processing is based on consent, as described above. Just send us an email at with any request you may have regarding these rights.

International Transfers

We transfer your personal data to the United States whenever you interact with us. The US has not sought, nor obtained adequacy status from the European Union. The EU-US Privacy Shield framework obtained an adequacy decision. The level of protection of your personal data is not deemed equivalent to the one in the EU, unless the receiving organization is self-certified under the EU-US Privacy Shield. As a not-for-profit organization, we are not able to adhere to the EU-US Privacy Shield Principles.

We transfer your personal data on the basis of the derogations in Article 49 GDPR, particularly:

  • consent, for newsletter subscribers and processing in relation to addressing your inquiries;
  • necessary to enter into and for the performance of a contract such as for registration to participate in our programs;
  • our compelling legitimate interests to engage with stakeholders to advance our mission and bridge the understanding of the American and European privacy cultures, for obtaining the professional contact details and communicating with stakeholders for sending occasional invitations to events or exchanging information. For this last derogation, we take into account that we only process personal data occasionally, mostly from publicly available sources, concerning a very limited number of data subjects, in a non-intrusive way and posing no risks to rights of individuals.

As a matter of principle, we do not engage in any onward transfers regarding your data, beyond the access that our processors have to your data. Exceptionally, we share personal data with our partners when we organize events jointly. We select carefully our processors and our partners, having regard to their stance related to privacy, to their adherence to the EU-US Privacy Shield Framework or their implementation of other mechanisms that ensure lawful transfers of personal data from the EU.


If you have concerns, questions, or requests about how we process personal data, email If your concerns are not satisfactorily addressed, you can contact the  data protection Supervisory Authority in your country, pursuant to Article 77 GDPR.


If we make any material changes to our privacy policy, we provide notice by posting the revised policy with the date of revision on this page and provide notice of this change on our website home page. We will duly inform you of any changes via our platform and we will give you the opportunity to express your consent for processing your data for different and new purposes, or we will in any case inform you about the legal basis of such processing other than consent.

Website/Cookie Privacy Policy

Our websites use cookies, some of which are necessary for the web pages you visit to function, while others provide us information for statistical purposes, are used to provide social media functionalities, and a few are used by advertisers to personalize online ads. We also use web beacons, which is code that triggers browser to set cookies or return cookie data to servers.


Cookies are small data files stored on your device when you visit a website. They enable the website to remember your actions, preferences, and other information related to your visit (such as number of visits, login data, preferred language, time spent on the website, etc.), for a certain period of time.


You can control what cookies you allow via the settings of your web browser (Chrome, Internet Explorer, Firefox, Opera, Brave).

If you access our website from the European Union or the EEA: By default, when you access any of our websites, we only place cookies that are essential for that website to function on your device. You can accept additional cookies (such as those for analytics, social media plugins, or advertising purposes) through the control panel that appears when you access our websites. We will not place any cookies that are not necessary for the website functionality on your device unless you accept them from the banner.


Our website uses different categories of cookies:

Necessary cookies help make the website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies. If you access our website from Europe, we may use a cookie to remember if you have agreed or not to the use of analytics, social media, or advertising cookies. Your options are remembered for 12 months.

Statistical cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Marketing cookies can be used to track visitors across websites. The intention is to display ads that are relevant to the individual user and thereby more valuable for publishers and third party advertisers.

If you access our website from Europe, you will see an updated list of individual cookies in the pop-up banner through which you make your choice.


Contact us at