Why you're getting flooded with privacy notifications in your email
What is the big deal, and why is everyone from Airbnb to Yelp suddenly updating their terms of service? Here's all you need to know.
What the heck is going on? Am I being spammed?
No, this is the real deal. Websites around the world are having to update their policies because of a new set of privacy protections being put in place by the European Union.
The EU's General Data Protection Regulation, or GDPR, went into effect on Friday, May 25. The regulations were written to benefit European citizens by giving them more control over the data that's collected by online services. But in practice, the new rules will have widespread ramifications as even U.S.-based companies that handle the data of EU citizens try to make sure they're in compliance. The changes you're seeing in corporate privacy policies are one example.
What does GDPR say companies have to do?
The new policies, which will be enforced by the Information Commissioner's Office, require companies to be explicit in their efforts to seek consent from consumers before collecting their personal information. Companies also have to give consumers easy access to their own data, and to delete that data if the customer requests it. Many companies subject to GDPR are expected to appoint a data protection officer. And importantly, companies have to notify users quickly of data breaches when they occur - under the new rules, they have 72 hours to inform the public after a breach is discovered.
What happens if the companies violate GDPR?
Failure to comply with GDPR comes with the risk of heavy fines - up to 4 percent of a company's annual global revenue, or €20 million (about $23 million), whichever is higher. In the case of Facebook, which pulled in $40.7 billion in revenue last year, a violation could mean an eye-popping $1.6 billion penalty. In fact, Facebook has already been hit with lawsuits alleging violations of GDPR on the policy's very first day; in response, the company has said it's been working to comply with GDPR for the past 18 months.
I'm in Europe. Why can't I access some U.S. sites?
A number of U.S.-based news sites - the Los Angeles Times, Chicago Tribune, Baltimore Sun and a raft of others - have basically gone offline as far as European readers are concerned.
While it may seem like a mystery, the common denominator underneath these different publications is that they are all owned by the same parent company, Tronc. The media company put out a statement Friday that reads exactly the same as what viewers see on the blocked sites: "We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism."
Author information: Brian Fung covers business and technology for The Washington Post.