Cybersecurity
In recent days, the WeTransfer platform has been at the center of the digital debate. What began as a subtle change to its terms of service ended up sparking mistrust among designers and professionals across all sectors, who until now had viewed this tool as a fast and secure way to share files.
The trigger was an ambiguous clause, added between late June and mid-July 2025, stating that uploaded content could be used “to improve the performance of machine learning models that optimize our content moderation process.” Although WeTransfer later assured the BBC that under no circumstances would it use those files to train artificial intelligence systems—and that its sole objective was to identify sensitive or illegal content—the reaction from users was swift and forceful. The uproar forced the company to rewrite the clause to make it “clearer” and emphasize that AI models are not used to process the files.
If you’d like to learn more about how this situation has unfolded and why it has generated so much concern in the professional community, you can read more in this article from La Vanguardia: Are your files training an AI without your knowledge? The WeTransfer case reopens the debate on the limits of digital privacy.
“Yes, they see what you send. And now they’re processing it too.”
For Eli Bernal, CEO of Tranxfer and an expert in digital security, what happened with WeTransfer goes beyond a passing controversy.
“Yes, it’s exactly what you’re thinking. Not only do they see what you send—if you didn’t know, they see it; they’ve been seeing it from the start—but now they also process it to understand and train their models. We may not yet know what they’ll do with that data, but if your team sends a contract, a confidential proposal, or a database, all of that could end up feeding an algorithm because you tacitly accepted certain terms via a pop-up,” warns Bernal.
Beyond the legal jargon, Bernal points to the root of the problem: the unconscious way in which some tools are used for convenience.
“The difference with social media is that there, at least, we know that what we upload will be public. Here we’re sending corporate information. WeTransfer functions as a transfer channel: you use it to send something private, not to display it. But when something is free, you are the product. And that convenience can end up being very costly,” he explains.
Shadow IT: the invisible risk in companies
WeTransfer has become an unofficial standard in many offices: fast, easy to use, and requiring no installation. But, as Bernal points out,
“The concern isn’t just that WeTransfer is changing its terms of service. The concern is that many companies don’t even know their employees are using it. And if you don’t know, you can’t protect yourself.”
This phenomenon is known as Shadow IT—the use of tools not approved by the IT department, outside the company’s radar. The consequences can be serious: ranging from violations of the General Data Protection Regulation (GDPR) to security breaches or data leaks.
Raising awareness and offering solutions, not just banning
Blocking services like WeTransfer without offering real alternatives is a recipe for failure, according to Bernal.
“The easy solution is to ban it, and technically it’s very simple, but that doesn’t solve anything. You have to offer secure, easy, and reliable alternatives. We’ve been working on this for years: solving file transfers with third parties, whether they’re machines, processes, or people. And we’ve succeeded.”
At Tranxfer, their specialized platform allows companies to send documents securely, ensuring regulatory compliance without sacrificing usability.
“The challenge isn’t technical; it’s human. We need to raise awareness among thousands of employees and offer a solution that’s as robust as it is simple. Because if it isn’t easy, they won’t use it. Our main industry is banking and financial services, but the risks exist in every sector,” says Bernal.
Digital Sovereignty: From Ideal to Necessity
The WeTransfer case should serve as a turning point for information management in companies.
“We need to change our mindset. Data isn’t just a collection of documents. It’s a strategic asset. And as such, it must be protected just as we protect the company’s cash reserves, intellectual property, or reputation. Can we really allow a third party, no matter how large or popular it may be, to have access to all of that without any control? The answer is clear: no,” concludes Bernal.
For Bernal, the concept of digital sovereignty must cease to be an abstract ideal and become a practical necessity:
“What is at stake is control over who we are as a company, over what we think, design, sign, and share. Digital sovereignty starts with not giving away our data, maintaining control, and making decisions aligned with our organization’s strategy and values.”
What to do now
Bernal recommends concrete steps for companies:
- Audit which platforms are actually being used.
- Review who has access to what and under what conditions.
- Replace tools without guarantees with solutions designed for corporate environments.
- Support teams through the change, prioritizing clarity and reliable tools.
“Not everyone understands cybersecurity, but they do value clarity and good tools,” concludes Bernal.
