Here's Why You're Getting So Many Privacy Policy Emails

Heads up: There's a new and very complicated European privacy law. Here's a breakdown.

Over the past few months, updated privacy policies have likely flooded your inbox.

So. Many. Emails.

You've probably seen new privacy and cookie notices on websites, too.

Some random apps also seem to be shutting down, out of the blue.

Twitter's apps for Roku, Android TV, and Xbox are no longer available. Klout, Favstar, and a multiplayer game called Super Monday Night Combat are dead.

Instapaper is temporarily shutting off access to European users, while an online game called Ragnarok Online is shutting down European servers after a decade in operation and, the inbox declutter app, is closing its service to European users. A Chinese smart home company named Yeelight even disabled its Wi-Fi-connected lightbulbs.

If you're wondering why all of this is happening, it's because of a new European law, called the General Data Protection Regulation (GDPR for short), that's very easy to understand.

new GDPR privacy policies are great for reminding you which apps you signed up for in 2010 and never used again

Just kidding! It's extremely complicated and also 261 pages long!

Companies with European users are sending emails with updated privacy policies, in order to comply with GDPR.

The future of email is just receiving GDPR privacy notices until your inbox fills up and you no longer have the will to use email anymore.

You, presumably a non-European citizen, are getting those policies because if a company — based anywhere in the world — collects personal data from European citizens, it must follow GDPR's rules. So, many companies are rolling out new data policies to everyone. Including you.

Because GDPR requires companies to get consent from users before storing and "processing" (or analyzing) their personal information, they're sending updated policies and asking you to agree to them.

Companies are desperate to comply with GDPR, because if they don't, there's a fine of up to 4% of their global revenue or 20 million euros (whichever is higher).

To put that into perspective, last year Apple made $229.2 billion (or 195,553,440,000 euros) in revenue, and 4% of that is $9-ish billion.

So, what the heck is GDPR? The first thing you need to understand is that apps and websites collect all sorts of data — or personal information — about you.

That data can include things like your name, gender, marital status, age, or where you live. Collecting that information, and using it to show you targeted advertisements, is how a lot of apps and websites offer their services for free.

But data collection can easily go overboard. In 2010, Facebook invited app developers to make games and apps on its platform and gave them access to extensive user data. Your notes! Your friends' names! Your religion! Your chat online status! It was a data free for all! They could suck up everything related to you and your friends. That was at the heart of the Cambridge Analytica scandal, in which up to 87 million Facebook users had their data inappropriately accessed.

The second thing you need to understand is how GDPR is supposed to protect you.

Attended a GDPR compliance event today. At the end we were given a feedback form requesting our email address with no explanation of what they’d use it for, where they’d store it or how long they’d keep it for. Outstanding.

There are a LOT of new ways companies must treat and protect your data under GDPR (remember: it's 261 pages).

You can opt out of sensitive data collection and request that companies remove certain personal information (including, but not limited to, phone number, email, birthdate, employer information, medical history, political affiliation, and location data). Under GDPR, you can also see how your information is being used, and it requires companies to get consent before collecting it. In addition to that, companies will now have to report data breaches within 72 hours of them happening.

There's a lot more in there too. Here's an official guide to GDPR and all that it covers.

Companies like Facebook and Slack are creating new GDPR-compliant tools to easily view and remove collected data.

In an emailed statement, a Facebook spokesperson said, "Our recently expanded tools for accessing your information will allow people to see their data, delete it, and easily download and export it. These tools are available globally, although we designed them to comply with GDPR too. We’ve also updated our Activity Log on mobile to make it easier for people to see the information they’ve shared with Facebook from their mobile device. (Again, global)."

"WARNING. In our butcher's shop we might ask your name and remember your meat-related preferences. If you are worried about this, please enter the shop while shouting 'I DO NOT AGREE!', and we will henceforth pretend we don't know you." #GDPR HT @PhRoose cc @bobnease

So, anyway, that's why you're getting a bunch of emails.

You should really check those emails, too. Some companies are requiring you to actively give your consent, and may remove you from their mailing lists if you don't.

And if you still don't understand GDPR, maybe this will help.

Here is a cartoon. It unravels the many mysteries of data protection.

Skip to footer