Memrise and GDPR

Is anyone else’s school starting to ask awkward questions about Memrise and Data Protection compliance? (The new law comes into force in the EU on May 25th)?
My data protection officer says he has had no reply from memrise :frowning:
This could be the kiss of death for memrise in schools.

1 Like

I agree. Memrise seems to me to be far too cavalier and lackadaisical about fulfilling their duty to comply with all of the prevailing laws and regulations in the countries, provinces, states, etc., in which they operate. It seems to me that they think that they can just ignore the laws and regulations, as easily as they ignore their customers’ complaints in the forums. I have a feeling that the government regulators won’t be as tolerant of that behavior as their users are.

And I don’t think that their behavior is compatible with the long term survival of the company either, which is regrettable, because they started with so much promise and enthusiastic support from their users, and threw so much of that good will away over the years. :frowning:

1 Like

oh dear. I fear you may be right.

1 Like

Found this:

Doesn’t explicitly mention GDPR but does mention 25th May 2018.


The security of our users’ data is extremely important to us.

Please see our Privacy Policy which sets out how we process and protect personal data in accordance with the EU General Data Protection Regulation.


Your own so-called “Privacy Policy” belies your claim.

From Section 3: …[Y]our Personal Data may be shared with third-party providers of hosting, email communication and customer support services, analytics, marketing, advertising (including Amazon Web Services and Google in the United States, both certified to the Privacy Shield). For more details on the third parties that may place cookies through the Website, please see the “Cookies” section below. Following our instructions, these parties may access, process or store Personal Data in the course of performing their duties for us.

From Section 6: We may use cookies or other technologies on our Website or Apps that collect information about your browsing activities over time and across different websites following your use of the Website or Apps. We may allow third party service providers and other third parties to do the same. We currently do not respond to “Do Not Track” (DNT) signals and operate as described in this Privacy Policy whether or not a DNT signal is received.

From Section 9: Memrise does not knowingly collect Personal Data from children under the age of 13.

So, let me summarize.

You give yourselves permission to spread your users’ Personal Data around the world for the purposes of marketing and advertising, and you ignore the “Do Not Track” (DNT) signal, which is your users’ explicit instructions not to track them across different web sites, giving yourselves permission to track their browsing activities “over time and across different web sites.”

What legitimate reason is there for you to track your users on websites other than Memrise, especially after they have told you not to do so? What if they are browsing information about sensitive health matters, or sensitive legal or other highly personal topics? Why should you and your employees know about that?

And you also fail to acknowledge in your “privacy policy” the sovereign laws of those EU nations that have set the parental consent age for the processing of Personal Date higher than 13 years.

But you come here and claim “The security of our users’ data is extremely important to us,” and expect us to take you seriously?!


@xvg11 - Thanks for your feedback. I’ll be sure to pass it on to the rest of the team.

In the mean-time, if you would like to exercise your rights to erasure under GDPR, please send a message to (Contact Us) and we can schedule your account for deletion within the next 30 days. This will ensure those statements mentioned in the privacy policy will not apply to you.


Your sarcastic reply is typical of the worst behavior on Memrise’s part. You ignore your user’s legitimate questions, and try to deflect by telling me that you can delete my account.

You have no self-awareness, do you? You don’t realize that this type of sarcastic reply makes you look disreputable, and that you have no respect either for your users or the law?

You claim to have over ten million users, and these terms should not apply to any of them.
Why should you be spreading their Private Data far and wide, and tracking what they do on other sites. This isn’t about me. What you are doing is wrong, even if I am the only one who calls you out on it. Better you should hear it from me than read it in a formal complaint from a Data Protection Minister.