Here’s Why You’re Getting All Of Those Emails About Privacy Policy Updates



Over the past few weeks, you have probably noticed that your inbox has been flooded with emails alerting you that companies have updated their privacy policy. And if you enjoyed your Memorial Day weekend and haven’t checked your email since late last week, your inbox may look something like this.

So why is every company under the sun sending these “We’re updating our privacy policy” emails? It’s because corporations are being forced to by a new European law. Even if you’re not European, the new guidelines pertain to any app or website that could be utilized by European citizens, so pretty much every website and app.

The new law is called the General Data Protection Regulation (GDPR), and it went into effect on May 25 after it was introduced two years ago. Companies are making a late push to make sure that their apps and websites meet the new guidelines because, if they fail to do so, there’s a potentially massive fine of up to 4% of their global revenue or 20 million euros (whichever is higher). The new rules are an attempt to protect the personal data and privacy of EU citizens.

Apps and websites collect a lot of personal data whether you realize it or not, such as name, gender, marital status, age, and where you live. That data is used for targeted advertisements and marketing. The GDPR forces companies to be more transparent and provide more details on how they acquire your data, how they use it, and who they are giving that information to.

The 261-page law states that companies must get consent from users before storing and “processing” their personal information. For the consumer that means you’ll receive simpler language about data collection and less vague legalese and pages of terms and conditions. “Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language,” the GDPR says. The requests to get consent must be “freely given, specific and informed.” Companies must give notifications when the users’ data is being used.

According to a study by mobile-software development management platform SafeDK, over 55% of top apps failed to meet GDPR stipulations.

Some apps have not been able to abide by the new rules and were forced to shut down for good. Klout, the site which measured how much social media influence accounts have, closed down on May 25. Email unsubscribing service announced they could not comply with the GDPR regulations and announced that they would stop the service for European users. Mobile games such as Loadout and Super Monday Night Combat also were killed by the GDPR.

The major regulatory overhaul is a step in the right direction, but remember that this doesn’t necessarily change how companies use your personal data; they only have to be more transparent about the fact that they are grabbing your personal information. Google’s privacy policy update reads: “Nothing is changing about your current settings or how your information is processed. Rather, we’ve improved the way we describe our practices and how we explain the options you have to update, manage, export, and delete your data.”

Another aspect of the GDPR is that apps are not allowed to collect data about children under the age of 16. Also, companies must alert users of a data breach within 72 hours. “GDPR will put public pressure on companies to disclose more information about breaches around the world, much quicker than they have in the past,” said Travis Jarae, chief executive officer of security advisory company One World Identity.

Apps have freely enjoyed widespread data harvesting for years now, but after the Cambridge Analytica scandal, there has been a new focus on online privacy. This new law could be the first wave of companies being forced to respect the personal data of consumers.