Under GDPR, consent must be freely given GDPR Article 7 Conditions for consent. Cricut’s requirement to use cloud-connected software to operate a purchased machine restricts users’ freedom of choice, which is problematic because:
Consent Cannot Be Conditional: Users are forced to accept cloud processing to use the machine for its primary purpose.
No Real Offline Alternative: Without an opt-out option, Cricut risks violating GDPR’s standard for valid consent.
This also challenges GDPR Article 6 Lawfulness of Processing, which requires an appropriate legal basis for data processing.
Other references: Cricut Terms of Use (June 7, 2024), Cricut Privacy Policy (March 31, 2022)
| Don’t know what that is.
Apologies, I should have provided more context! Cricut is a company that sells vinyl cutter machines with printing features often used to create stylish cards, envelopes, and crafts. For example, you could receive a physical card or letter created with Cricut that contains your personal information (like addresses or messages) even if you don’t use their services. This raises concerns because files with such private data are automatically uploaded to Cricut’s cloud without user control, which. I think. infringe GDPR.
Thank you for your valuable insights! I agree that complaints, legal claims and boycotts are valid approaches to push for accountability.
Online accounts are not part of the primary purpose of acquiring the device. When purchasing a vinyl cutter or printer, users do not initially agree to a software license which is enforced later on with changing terms over time. Additionally, SVG files created with Cricut are expected to contain private information about third parties, such as addresses and messages, since the tool is designed for creating personalized items like cards and invitations. This raises serious data privacy concerns, as those individuals have not consented to their data being processed by Cricut, violating GDPR principles related to consent and purpose limitation.