Samsung vs PayPal

Samsung's data appetite is unusually broad for a hardware maker: voice recordings stored on servers with potential third-party retention, keyboard input logging via Predictive Text synced across devices, and persistent hardware identifiers that survive ad-ID resets. The company explicitly acknowledges that sharing with business partners may constitute a data sale under US law (CCPA). Full GDPR-grade rights are reserved for EEA/UK/Swiss residents; everyone else gets basic access and deletion with no response-time commitments. Retention timelines are vague and there are no named security certifications or breach notification windows.

PayPal collects an unusually broad set of financial, behavioural, and biometric data — then retains it for ten years after you close your account. Automated systems can freeze or terminate your account with limited recourse, your purchase history is shared with merchants for personalised shopping by default, and your data trains PayPal's AI models. Some of this is legally required for a financial institution, but much is not.