Skip to main content

Why Is Everyone Updating Their Privacy Policies?

keyboard says privacy

This morning, I opened my email inbox to find yet another privacy policy update from a site whose privacy policy I was never really all that worried about, and I’m not alone. All across the internet, everyone is being bombarded with privacy policy update notices from nearly every last online service they’ve ever signed up for, which can start to feel kind of eerie when it happens all at once like this. Online privacy has been a major national conversation lately, what with Facebook’s role in the election and Mark Zuckerberg’s half-hearted apology tour, but this is actually the result of something international.

While we struggle for even the most basic accountability from our tech companies, the European Union is going on the attack with a new law called GDPR (General Data Protection Regulations). The law, ironically enough, is about as massive as the bloated privacy policies it seeks to simplify, coming in at 261 pages that you can read for yourself, but you probably won’t, which is exactly the problem with many privacy policies—beyond the “legalese” they employ that typically leaves even those who read them confused about exactly what they’re agreeing to. In that case, it’s often hard to tell when a company is just covering its own ass for totally normal purposes or planning to do something nefarious, and that ambiguousness isn’t exactly an accident.

So, the basis of the GDPR is essentially to simplify all of that and require online services to allow users to willfully opt in to more simplified, specific ways in which their data will be used, rather than leave them trying to find out how much they can opt out of later on. (It also has other functions, like putting more responsibility on businesses for stolen or misused personal data.) Though it’s a European law, internet-based companies’ wide international reach means that they’ve all had to make adjustments to comply, resulting in the scramble of privacy policy updates you’ve noticed in recent weeks.

That all culminated with the official start of the new standards today, and even all those privacy policy updates haven’t gotten everything 100% prepared and above board. This morning, the BBC reported that a number of big U.S. news sites had gone down in the EU due to GDPR. Meanwhile, Facebook and Google are already facing complaints over violations of the brand new regulations, thanks to privacy activists who were standing by to nail them as soon as GDPR went into effect.

ZDNet reports that Austrian lawyer Max Schems, who has successfully litigated against Facebook in the past, through his crowdfunded “None Of Your Business” group, has launched a coordinated campaign of complaints: “The first, over Android’s “forced consent”, was filed in France. Facebook is being complained about in Austria and its subsidiaries, WhatsApp and Instagram, are being targeted in north-German city Hamburg, and Belgium respectively.”

And that’s likely only the beginning. While we’d like to get some more modern protections of our own here inside the U.S., it’ll be interesting to see, in the near future, how online businesses change their ways in reaction to GDPR.

(image: g4ll4is on Flickr)

Want more stories like this? Become a subscriber and support the site!

The Mary Sue has a strict comment policy that forbids, but is not limited to, personal insults toward anyone, hate speech, and trolling.—

Have a tip we should know? [email protected]

Filed Under:

Follow The Mary Sue:

Dan is many things, including a game developer, animator, martial artist, and at least semi-professional pancake chef. He lives in North Carolina with Lisa Brown (his wife) and Liz Lemon (his dog), both of whom are the best, and he will never stop reminding The Last Jedi's detractors that Luke Skywalker's pivotal moment in Return of the Jedi was literally throwing his lightsaber away and refusing to fight.