Take Note: Nevermind our Privacy Policy Change

Evernote is revisiting proposed privacy policy changes after user uproar. Makers of the archiving app announced a new policy at the end of 2016 which included Evernote employees the ability to view user notes. The kicker is that while app users could choose to opt out of that, the company policy would leave room for employees to snoop for other reasons.

The Elephant in the Room

Millions of people save text, photos, and documents on Evernote accounts to make their data available on any device. The data is stored and users may choose to share it with family members or coworkers or keep it to themselves. Notes can be pictures, voice recordings, text, screengrabs, handwritten transcriptions, and attached files. Users can search through their note collections, add comments, export them, and organize them into workbooks. There is a free version with limited storage and two levels of paid subscriptions.

Data Access

One of the benefits of Evernote is the ability to collaborate by sharing workbooks and notes. Users select which notes are accessible to whom and hide others from view. But the new privacy policy would change all of that. Explained as a means to improve machine-reading abilities, the new privacy policy would have granted Evernote employees access to view users’ notes. And there is no way out of it. Users could opt out of providing access for machine reading training algorithms, but there would not be an option to opt out for other reasons such as the ”need to do so for troubleshooting purposes or to maintain and improve the Service.”


Evernote got an earful from angry users concerned about data privacy for several days following the new policy’s announcement. Paid subscribers vowed to take their data elsewhere. Forums were filling with posts questioning the move. Then, Evernote CEO Chris O’Neill made another startling announcement, “As a result of feedback from you, our customers, we have decided to withdraw the changes we announced.” The company still plans to move forward with machine-reading technology, but only verify its results with users who opt-in to participate.

AppleGoogleMicrosoft, and others have competing software. Privacy experts will be watching whether Evernote’s PR misstep caused users to jump ship.


Evernote, an archiving and notetaking app, angered many users by announcing a privacy policy change in 2016. The policy allowed employee access to account data to verify machine reading accuracy. Users could opt out of the sharing. Further reading the policy, users may not opt out of employee eavesdropping for “troubleshooting.” Several days after announcing the change, Evernote published an about-face and rescinded the changes.

CIPT Exam Preparation

In preparation for the Certified Information Privacy Technologist (CIPT) Exam, a security professional should be comfortable with topics related to this post, including:

  • The Information Life Cycle: An Introduction (II.B.)
  • Privacy Considerations in the Information Life Cycle: Notice, Choice/Consent (III.A.a-b.)
  • Privacy Considerations in the Information Life Cycle: Secondary Uses (III.B.c.)
  • Privacy Considerations in the Information Life Cycle: Disclosure (III.C.a.)
  • Privacy Considerations in the Information Life Cycle: Retention (III.D.b.)

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>