Why you've been getting so many privacy policy update emails lately

Sonaam Hitang

Mobile Developer

"Updating our Privacy Policy." "Updates to Our Privacy Policy." "Announcing updates to our privacy policy."

The list of updated privacy policies in my inbox goes on and on -- and if you've signed up for an online service or an app, these emails are most likely in your inbox, too. 

It's no coincidence, all of these tech companies suddenly updating their privacy policy. This flood of privacy policy updates is actually coming because of a new European Union law kicking into effect. The General Data Protection Regulation (GDPR) aims to change how tech companies collect and use data from millions of people every day. GDPR now requires companies to explicitly ask to collect your data and allow you to delete any information they collect from you. And while the GDPR may stem from Europe, its effects are a bit more global. GDPR is meant to require companies to be more transparent about their data policies and to give customers more control over their own info.

 

It’s not just social-media companies such as Facebook, Instagram, and Twitter, which have updated their policies, but ones such as NameSilo, Fitbit, and e-commerce firms, pretty much any tech company that collects data on you for whatever reason.

Before the GDPR, implied consent was allowed, meaning that companies could add you to their email lists without directly asking you to opt-in, whether you wanted to be on those lists or not. Now, they need to specify explicitly what they do and don't with your data.

Most likely only a handful of people actually read the policies. If you do skip these updated privacy policies though, you'd be unaware of all the new data protections that GDPR gives. Here's a quick cheat sheet. You're now able to:

Ask a website to delete data that it holds on you

Download all the data that a company has stored on you

Find out how that company is using your data

Any firm that doesn't comply could face fines of up to 4 percent of its global profits.

This all conclude with the idea of protecting the user's data and granting them all the rights over their own data, which is GDPR’s ultimate goals.