So, what gives?!
Starting Friday, 2018 May 25, a new European Union law takes effect, called General Data Protection Regulation (or GDPR for those of you who hate me) which will fine companies boat-loads of whatever their currency is for not complying with the new regulations.
So the good news is, it’s basically Friday; we should have already received all the emails we should be getting by now. The bad news is, I haven’t even scratched the surface in reading all of the updated Privacy Policies, and I’m sure there’s something sinister hiding in there somewhere…
But this is for Europe, why am I getting these emails in America?
Ever since the Facebook fiasco (Zuckerberg testifying and the Cambridge Analytica scandal) and how companies handle users’ private information, Europe is setting steep fines to companies that aren’t in compliance with these new regulations for European users, and since internet-based companies deal with users from all around the globe, those of us in America are getting the benefits of these changes despite not having similar Federally run regulations in line to protect us.
So what are these regulations and what changes are happening?
Before Friday, something called “implied consent” was allowed, meaning you could be added to a company’s email list without directly asking you. After Friday, companies must explicitly gain approval from users prior to collecting and adding email addresses to mailing list. For those in the European Union, this also includes IP addresses, name and home address, credit card numbers, etc. and it must be very specific as to WHAT they’re collecting, HOW they’re collecting/storing it, WHO has access to it, and HOW it will be used. This consent must also be documented and kept.
Most of what I mentioned has to do with transparency, but in this day and age with all the hacking and data-breaches, companies must now also notify their users within 72-hours of becoming aware of any data breach, putting a lot of the power back into the the hands of the user.
Lastly, companies must also give users access to their data, update or correct it, and also have the right to be forgotten. This also includes the right to anonymity, meaning no piece of data that a company has on you if you choose to remain anonymous should give you away.
All in all, these changes are good, and I hope the benefits will have a positive impact on other countries that aren’t a part of the European Union. If its any indication, all those emails are actually a good start! It’s just unfortunate that all these companies are sending out the updated Privacy Policies all at the same time, creating a more negative connotation for the consumer.
I was just thrilled to receive this particular email from Jib Jab, making it stand out from the rest: