JSM's link to ZenDesk is just a read-only FAQ page, there is no equivalent to the User Community. Adobe have decided, for reasons best known to themselves, that they don't want Spark discussed.
To answer your original question; a legally-binding statement on Spark and GDPR will not be forthcoming. Putting it politely, Adobe's stance on GDPR compliance is...imaginative. If you're a million-dollar enterprise customer using the Analytics platform you can have all the signed paperwork you want, if you're not then you're on your own. No DPA, no SCCs, no policy documents. All you get is a statement that Adobe believes it complies with Privacy Shield for its business customers.
Adobe is a US corporation subject to the CLOUD Act with servers (both internal and third party) located in several parts of the world, and there is no way for a customer to exercise control over where their data is siloed (as there is with AWS, Azure, etc.) nor is there any transparency over how Adobe does backups, data deletion, physical security, etc.. If a product activates "sharing" on a cloud asset, then other than the tools available in the product itself - for example some allow you to enforce a password, some do not - you have no control over who can access that asset; if they find the URL then they're in. Customers cannot apply IP-based access controls to any Adobe online service. You should also bear in mind that Adobe websites include user-tracking code for which GDPR consent is required, and your own legal advisors need to consider if that is actually happening on the pages your staff and students will be using.
5
Replies
AdChoices