Yes, I know you are sick of hearing about GDPR and, like me, you have been inundated with hundreds of emails pointing your attention to updated privacy policies, terms and conditions and subscription maintenance. These are all the outcome of European GDPR legislation that seems to have affected much more than just the privacy of the European population it was designed to protect.
However, you may not be aware of the incredible amount of GDPR bungling by companies big and small that have misinterpreted the new rules, simply ignored them or been given lousy guidance on how to manage them.
The Register reported on some great bungles in the run-up to the GDPR date. The most common was sending GDPR compliance emails to non-blinded lists, i.e. every recipient of the email can see every email address it was sent to.
“Topping the irony charts is ad-blocker Ghostery, which sent users an email with more than 500 addresses in the “To” field, the text of which assured them that the biz was on top of the General Data Protection Regulation and had put stringent measures in place to protect their data.
“We at Ghostery hold ourselves to a high standard when it comes to users’ privacy,” stated the mass email – sent to El Reg by a reader who described the company “a shower of pillocks”.
For some, the solution was simply to shut up shop to those pesky Europeans that had the audacity to buy from them, subscribe to them or communicate with them. Digit was quick to point out that some serious US news sites had simply blocked all European visitors’ access to their websites.
“NY Daily News, the Chicago Tribune and the Los Angeles Times are just some of the big name online news outlets that have blocked visitors from EU countries. If a user tries to visit these sites they are met with the same error message from publisher Tronc:”
“Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market.
We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism.”
Would it be right to assume that these supposedly “leading newspapers” had not reported on GDPR over the last two years, thought of addressing it or heeded any advice on how to comply with it? It’s almost as if they have taken a Trumplike approach to their customers outside the USA – who needs you anyway? On the other hand, one might ask who from Europe, in their right mind, would bother reading most of the US press obsessed with local issues mainly around a flip-flopping leader.
But US companies are not the only ones in a flap over the new regulations – more than one-third of UK businesses felt unprepared for the compliance date. Even the regulators are still not ready. Just hours before GDPR came into effect the ICO website crashed for more than two hours due to the high influx of users trying to visit the site and to download a PDF guide to the new legislation. Maybe UK companies thought that Brexit meant they wouldn’t have to comply with those silly GDPR things. Oh, how wrong they would be. Simply having European-based customers is enough cause to become involved. That explains why it was easier for some outside of Europe to just close the door completely.
It may sound like a canny move in the short term, but many non-European governments are considering similar legislation to not only protect the privacy of their own citizens but to also ensure continued business possibilities with Europe. Of particular concern is the location of European data in the cloud that may be hosted outside of Europe.
Probably as a result of Mark Zuckerberg’s appearance before the European inquisition, Facebook is reportedly making changes at such an extraordinary rate that its third-party APIs can’t keep up. As a result, many of you using apps that interface with Facebook may be experiencing problems and incorrectly blaming the app.
Perhaps more concerning is that the regulations are not all that clear, and the first attempts to prosecute those that fail to comply will surely lead to extended legal battles. Telecoms.com reports that campaigning group noyb.eu, headed by prominent data privacy complainer Max Schrems, has kicked off what could become a tidal wave of challenges. The group took issue with the one-click blanket opt-in that Facebook and Google have used in interacting with their users. It has filed complaints against the two – as well as Facebook subsidiaries Instagram and WhatsApp – in four different countries.
What a great time for GDPR legal eagles. Law firms must be rubbing their hands with glee whilst ramping up their GDPR expertise in what will surely become boom times.
PS Those of you that receive our newsletters may have noticed some changes of format. The reason is that we had to change from our US-based mailing service because, as of May 23, it did not have any provision for the deletion of all customer data after unsubscribing, nor a request to delete all private data coming from a customer.