Inundated with Privacy Policy Emails? Here’s Why.
By Michael Hall, Chief Information Security Officer
Chances are, your email box has been filling up for several weeks now with privacy updates and notifications of privacy policy changes coming from every kind of company, from Google to GoPro. The reason so many businesses are scrambling to update their privacy policies: GDPR.
The General Data Protection Regulation (GDPR) is the EU’s new mandatory privacy compliance regulation, which officially went into effect on May 25th. The purpose of these new regulations is to protect the personal electronic data of EU citizens and make sure they are aware of their rights. Companies that do not comply with GDPR cannot continue to do business in the EU or with EU citizens. As a result, every website and email newsletter you’ve ever signed up for or signed into is making sure you know they are up to par.
What if You Don’t Live in the EU?
Whether or not you live in the EU, you’re still getting these emails (as you know). There are three possible reasons for this:
Citizenship is Unknown
Some companies are choosing to build exemptions into their terms of use and privacy policies, such as, “Depending on your location…” In these cases, the notifications aren’t for the benefit of non-EU citizens. So why are people who are, for example, U.S. citizens receiving them?
There are all kinds of reasons a person may receive these notices even if they are not a citizen of the EU. For one, most companies request contact and mailing info, but rarely citizenship info. You may be a French citizen living in Ohio. Or you may have dual citizenship. There are many reasons why companies are not going to take the chance when sending a regulation-required update.
Globalization
Many companies, like DriveSavers, prefer to have best practices in place for all of their customers, rather than just those that require it. If the new regulations that are required for EU citizens are an upgrade from what is required by the U.S. government (which they are), a business that truly has the interests of its customers in mind will apply those changes across the board, and therefore send updates to all customers.
Other Countries May Follow Suit
It’s generally agreed that the new GDPR regulations are an upgrade. Therefore, it’s only a matter of time before security-minded countries like the United States follow suit with their own regulations that meet or exceed those of the EU. Smart businesses are preparing for that by applying GDPR rules to all of their clientele.
What is GDPR Changing About Privacy Policies?
How often do you actually read a privacy policy before agreeing to it? Have you read your Facebook privacy policy? Amazon? New York Times? If you’re like most people, the answer is “no.”
Why don’t you read every word? Probably because privacy policies use legal language that’s annoyingly difficult to understand. And they’re long! The average website privacy policy is over 2,500 words. The DriveSavers Privacy Policy is short by comparison, at only about 1,700 words. It takes the average person nearly 15 minutes to read the average privacy policy. And that’s only if you don’t fall asleep in the middle of it. In addition, most are purposefully convoluted so you don’t really know what you’re signing up for. That’s a big no-no under GDPR.
One purpose of the GDPR is to simplify privacy policies and terms of service so that customers can easily understand what they’re agreeing to before they click to consent. Hence, the big overhaul by every company you’ve ever signed up with, even if you haven’t opened their emails in ten years.
What Does the GDPR Say About Use of Your Data?
Per the GDPR, EU citizens have certain rights and may make a request to exercise them. Under certain circumstances, EU citizens have the right to:
- Request access to personal data
- Request correction of personal data
- Request erasure of personal data
- Object to some processing of personal data
- Request restriction of processing of personal data
- Request the transfer of personal data to themselves (the owner) or to a third party
- Withdraw consent
- Object to being subject to automated decision-making
- Lodge a complaint
These rights are big steps forward for personal privacy. For example, you can now download all of your photos and other entries from your Instagram account to keep on your own computer or share with another company. You couldn’t do that previously. That change is a result of GDPR.
What Changes Has DriveSavers Had to Make?
There are no changes in the way that DriveSavers stores, uses or shares your data, as our existing policies and procedures already complied with the new regulations, regardless of whether you are a citizen of the EU, the U.S. or any other nation in the world. Wherever you call home, the security and privacy of your personal data are fundamental both to our business model and our code of ethics.