🐈
» Support » Resources » Product Release Notes » Upwork and GDPR Compliance
Page options

Upwork and GDPR Compliance

lenaellis
Community Member

 

We know there's been a ton of buzz out there around GDPR and not to worry, Upwork has been on top of it. We've done the necessary due diligence to be in compliance with these requirements. The General Data Protection Regulation (GDPR) comes into effect in Europe on May 25. This new legislation is all about giving EEA residents (EU countries + Iceland, Liechtenstein and Norway) more control over their personal data online. The upcoming changes impact EEA residents, but you may also be affected by these regulations if you do business with someone from Europe.

 

What does this mean for EU user data on Upwork?

 

First, we’d like to clarify how Upwork is complying with GDPR for EEA residents and summarize some of the changes we’ve made (these changes will be accessible on May 25th).

  • We’ve updated our privacy policy to be more transparent about how we obtain, store and process your personal data.
  • We’ve updated our processes to make it easier for you to control the data you provide to us. You can request access to your personal data and also request that any inaccuracies in your data be rectified.
  • We’ve given you the ability to readily delete your account data by completing our Subject Access Request, SAR, form.
  • We’ve added a GDPR area on our Legal page. We’ve also Included GDPR references in our Help Center and Hiring Headquarters, with articles explaining how to exercise your rights.

We value our users’ privacy and their rights to control their personal data. Regardless of where you call home, you may delete your account or request the deletion of all personal information we have about you at any time. However, we will only be following the requirements outlined by the General Data Protection Regulation (GDPR) for those living in the EEA. If you live elsewhere, we will be happy to delete your data to the extent we can reasonably do so.

 

Here in the Community forums and on our blogs, nothing will change for EEA users. If you participate, your comments and questions will be publicly displayed. Since your posts are public, others will have access to your forum content and may use it or share it with third parties. If you choose to voluntarily disclose Personal Information in these forums and have your profile visibility set so that your Community Forum profile links to your Upwork Profile, that information will be considered public information and the protections of the updated GDPR Privacy Policy will not apply. That being said, you can still request to have your personal information along with your posts removed from our blog or community forum, just contact us at https://support.upwork.com.

 

What does this mean for your business on Upwork?

 

The GDPR is a set of guidelines set out by the European Union, to give EEA residents more control over how companies collect and use their data. As mentioned previously, these will come into effect on May 25th, 2018. These guidelines not only give more rights to EEA residents, they also permit all businesses to operate under one set of clearly defined guidelines and rules. GDPR will apply to any company processing personal data belonging to EEA residents, no matter where they reside.

 

One of the most important steps that you can take is to familiarize yourself with the General Data Protection Regulation (GDPR), including the rights that it grants to EEA-based individuals and the obligations that it places on businesses that process these individuals’ personal data. That said, we can’t advise you on your specific legal obligations.

 

As a freelancer, if you are likely to process the personal data of someone living in the EEA as part of your work for your clients, you may want to take this Data Protection Self-Assessment offered by the UK Information Commissioner’s Office.

 

Clients, you may want to start with GDPR FAQs for Small Organizations, which is a great resource provided by the UK Information Commissioner’s Office, along with our Hiring Headquarters article. You may also want to reach out to an attorney or advisor if you have further questions.

29 Comments
versailles
Community Member

In addition to the link that Lena shared, here is the general data protection regulation (GDPR)
page on the European Council's official website. It's more legalese, but it's the official reference.

wendy_writes
Community Member

Upwork, since the platform has no choice but to comply with GDRP for many of Europe's users, does it not make sense to roll out equal protection for users worldwide?

 

The system is in-place and all of us would appreciate having equal privacy and protection.

versailles
Community Member

@Wendy C wrote:

Upwork, since the platform has no choice but to comply with GDRP for many of Europe's users, does it not make sense to roll out equal protection for users worldwide?

 

The system is in-place and all of us would appreciate having equal privacy and protection.


Microsoft and Apple, for instance, decided to apply the GDPR guidelines globally. For some reason (Lol), Facebook enforced the GDPR only to the minimal legal requirements 🙂

 

Since Upwork is not a company that makes money with its users' data, it would make sense to allow all its users to take advantage of the same protection that EU users are enjoying.

wendy_writes
Community Member

Mods, please comment on Rene's and my suggestion - query - however you want to term it.

VladimirG
Community Manager

Hi Wendy and Rene,

 

Thanks for your feedback and suggestion, at this time these changes only apply to EEA residents. However, all users have the ability to request for their account and personal information to be deleted at any time.

wendy_writes
Community Member

Vlad, wouldn't a FLer invoking a "request for their account and personal information to be deleted at any time" amount to having their ability to effectively use the platform to find freelance jobs as well as to transfer funds be rendered void?

researchediting
Community Member

@Wendy C wrote:

Vlad, wouldn't a FLer invoking a "request for their account and personal information to be deleted at any time" amount to having their ability to effectively use the platform to find freelance jobs as well as to transfer funds be rendered void?


“Lump it or leave it” seems to be an increasingly popular response from Upwork to user concerns. 

jr-translation
Community Member

 


@Vladimir G wrote:

Hi Wendy and Rene,

 

Thanks for your feedback and suggestion, at this time these changes only apply to EU  residents. However, all users have the ability to request for their account and personal information to be deleted at any time.


Please make sure you refer to EEA no the EU, otherwise you are ignoring several million people.

claudiacezy
Community Member

What about "data portability"?


If technically feasible, will we be able to transfer from a freelancing website to another the work history & feedback? Any plans in this regard?

versailles
Community Member

@Claudia Z wrote:

What about "data portability"?


If technically feasible, will we be able to transfer from a freelancing website to another the work history & feedback? Any plans in this regard?


GDPR has provisions that allow you to download your personal data from a website, it doesn't force a website to transfer everything to another website. You can download your work history from Upwork and give it to another platform, swearing that it's authentic and demanding that they include it in your profile. But don't be surprised if they refuse.