Asking me to opt-in, in America, finally? Not so.
Some will appear in email, but you can't find "I consent" any where in 15 pages of legalese/technese/hyperbolic descriptions on their website.
Some will be pop-ups when you visit a website or use an app.
Just looking and closing a page or your browser represents "consent."
I understand now the connection between primitive instincts (the ID) and the Internet-of-Things. (IOT).
ID+IOT
I understand how these people think about me. And they don't call us "end-users" by coincidence.
21
The examples given of consenting to participate with the rules specified by the companies by merely clicking on a close box is not in agreement with what other articles have stated that the GDPR is requiring, that is an explicit, willful effort made to agree by clicking an empty box rather than agreeing to a pre-filled, I agree, box.
Another concern the whole article assumes we all live in the EU. There is no requiremnt that some big data-sucker like Facebook or Google or Twitter offers the same degree of protection for those of us originating with an IP address that is in the USA, for example. I, for one, doubt that since those data are worth so much to this big companies, that two sets of front end software exist; one which allows opt outs and so on which is presented and the internal rules followed when an EU I.P. address is noted, and then there are the rest of us livestock who are given the same old treatment that made those companies' owners so rich.
3
Maybe, it's just a misunderstanding of the English language on the part of most tech companies.
p-i-r-a-c-y and p-r-i-v-a-c-y look and sound so much alike.
18
Who has time to read these?! I've received several dozen in the past week. I don't want these companies to use my data for sleazy profit, but still...who has time?
19
The law is clear.
Now the client must give explicit consent. If you do not reply they must forget you.
6
So I'm expected to paw through literally dozens of these emails and figure out what I need to do. What hogwash.
Dear All Companies, turn off my acceptance by default then ask me to turn it on when I access your site. Otherwise this is an exercise in futility.
I hope all of the companies who trick us get sued.
58
I received one from YELP, but I'm not a subscriber. I scrolled through more than a dozen pages on their site to get out of their digital orbit but they have no appropriate answers or way to contact them. I've inadvertently clicked on links that were YELP and put a remark about my DDS office at their request.
3
My background: tech idiot
I do however have common sense.
1: tech companies/online entities MUST tell you when they are tracking you: each time, no exceptions. You must give approval.
2: tech companies, etc MUST ask if they can share your info with ANYONE. You must give approval.
3: At any time, at your request, and once a year these companies MUST supply you with what they know about you and give you options. Much like a credit report.
Those are my terms. I believe that Apple does a version of #1.
23
I could've used this article a week ago!
8
My Frontier/Yahoo/AOL/Oath email account, the default for my local monopoly ISP, updated their privacy policy:
"We’ve updated how we collect and use data. We’ve updated some of the ways we collect and analyze user data in order to deliver services, content, and relevant advertising to you and protect against abuse. This includes:
- Analyzing content and information (including emails, instant messages, posts, photos, attachments, and other communications) when you use our services. This allows us to deliver, personalize and develop relevant features, content, advertising and services
- Linking your activity on third-party sites and apps with information we have about you
- Providing anonymized and aggregated reports to other parties regarding user trends
You will eventually need to agree to the new Terms of Service and Privacy Policy in order to continue to use our services."
10
Indeed, the monopolistic companies such as internet providers for most communities and rural areas, have the power to require you to opt in, or loose your internet connection and all that it brings to people every day.
Secondly, reading the bullet points above, the vague words like 'may collect' or 'use in certain ways' are worthless to anyone to determine what those ways are. Again, from some who have contacted those updating their policies to try to get specific information on what those vague phrases mean, have frequently been told that is proprietary information.
I doubt much will change.
I hope that people take the time to tell these bigger services to forget them, and then re-apply every few weeks.
2
Plan to delete almost every account, except Amazon and Google...and about 10 others, Oh, I forgot I will keep Microsoft and Yahoo mail...really would like to quit Yahoo mail, but I have the feeling it will be a lot of trouble telling everyone where I am.
2
Just today I received a note from HOUZZ,
(who to my knowledge, I have never used). Lacking an 'unsubscribe' button I tried to 'adjust my preferences' but was told that signing in alone was a consent to further mails.
Nasty.
So I quit + wonder who they are.
11
Houzz took over GardenWeb, and likely others. If you had an account with one of those, Houzz inherited it. It's nearly impossible to know what old accounts are truly gone, and which passed their information on to another company!
10
They are an interior design site for professional designers mostly. Strange that they would contact you if not in that line of work.
2
Actually have no clue how I got on to Houzz and
from what can see the design work is hardly
of professional merit.
It continues to astonish just how many average people think their *individual* data is all interesting to anybody. Yes, you're part of a demographic to be marketed to. Beyond that, unless you're a public figure, nobody cares!
"Privacy" is long dead. Get over it.
1
Privacy is not dead. But those that keep saying that are trying to kill it.
When the Supreme Court decides cases, it often has to answer the question did the party have a reasonable expectation of privacy and was it violated?
The need for the government to get a warrant to search your home, car, office, etc. is based on the implicit assumption that all humans need privacy. Warrants are an exception to the right to privacy.
Roe v Wade was decided based on this right to privacy.
When you keep saying that there is no privacy you are undermining your own privacy, and mine.
The new European Union rules are based on the assumption that your data belongs to you, unlike in the U.S. where your data belongs to whoever can snatch it. We should be pressuring the U.S. government to adopt a similar proposal.
Of course rights are not always enforceable. Government employees can break into your house without a warrant (if they don't get caught). The National Security Agency has been copying most data, but claims it is not "collected," until someone reads or listens to it. Private corporations are able to get a hold of much of your data and share it or sell it.
I'm not saying that protecting your privacy is easy. Everyone should be aware that anything you put on the internet can be found by somebody (and yes sometimes they are targeting individuals for specific financial, legal, political, or entertainment purposes), but unilaterally disarm, by giving up your "expectation of privacy."
11
Your individual data is interesting to me. Please post all of your account names and numbers with the pins and passwords in reply to this post. I am also interested in your bank routing number.
No? Why not?
I thought you said privacy was dead? How can you keep your financial information private, if you have no right to privacy?
What's in your wallet?
15
Don't tell me what to get over. I have the ability to understand what's going on in the world around me and how it affects me. I am not some passive rock that takes a "what ever" view of the world, as you do. If you are happy to have your rights eroded without your consent, that's fine except that you're capitulation affects me by extending the power of massive organisations that have no interest whatsoever in my welfare.
5
Thank you, Europe!
17
Thank you, Europe. Why can’t our political institutions here in the U.S. provide us the same sort of proactive protections? The answer? I’m guessing that Europe didn’t have a Citizens United ruling.
37
Please do some research on Supreme Court rulings on campaign finance. The idea that it all comes down to Citizens United is highly misleading. It wasn't even the most important or the most recent case of the Supreme Court turning corporations into people and money into speech.
If we spend all of our energy overturning Citizens Untied we will have one tactical win, and they will have a strategic victory.
We need an Amendment to the Constitution that makes clear to the Supreme Court that:
Corporations are Not People and Money is Not Speech.
This effort is well under way. For example see:
MoveToAmend.org
8
Because they only care about corporations. And donors.
2
The author is kidding I hope. Reading all privacy statements. What good will it do?
You as an active Internet user really have two choices: 1) stay off the Internet or 2) use it and try to limit data exposure. One thinks you are not going to change your digital habits because some pesky statement. Sometimes I think the NYT authors have forgotten what it is like to be a "normal citizen".
7
What he is suggesting that you do is find the opt-out options, and opt-out.
3
In a post by MSF
"Just today I received a note from HOUZZ,
(who to my knowledge, I have never used). Lacking an 'unsubscribe' button I tried to 'adjust my preferences' but was told that signing in alone was a consent to further mails."
Seems that trying to opt-out may actually become an opt-in?
Slightly off topic, but I could never understand why I had to opt out for businesses to use my data. Now we have pages of legalese in which to try to determine how my information is being used. I find the intrusion of advertising overwhelming. It has nothing to do with customers and everything to do with controlling the market.
14
You have to opt-out because, unlike in the European Union where your data is assumed to belong to you, in the U.S. your data is assumed to belong to anyone that can find it. Opting out makes a legal statement that you own your data and don't want to share it.
5
The current value proposition to consumers regarding personal data is weighted entirely in the favor of corporations. And this will also be their 'Achille's Heel' that will become the seeds of their own destruction. (Google, Facebook, Amazon, etc).
The truth is that even if companies were prohibited from using or collecting data without the explicit consent from people who visit their web sites, the web services would still be available to users.
Companies have to reach the users, to advertise, offer services, and so on. Without access to users, the companies fail.
So no, giving up our personal data is not the price we pay for using the internet, its the theft we suffer from lack of effective, honest government oversight.
17
I’m a bit confused as to how these privacy policy pop-ups are offering anything different. They’re basically saying that if you want to use their site at all, you have to agree to anything and everything, which is how it has always been. There is no place to click on and select any options. It’s binary, all or nothing. How workable is that in real life: Let us collect and use everything, or leave the site. There’s no way to opt out of the data collection except to not shop, not read, not send email, not go on the internet at all. What am I missing?
63
Yes, there are many services and apps that I don't use, for this exact reason.
You want access to my contacts, pictures, video, and files? Sorry, no. I'll use a pencil and paper thanks.
5
Frau Greta is (unfortunately) 100% spot on with her opinion. After reading a dozen of these Privacy Policies, I realized that, in most cases, if you want to use the site, you must agree to giving up your personal data. This includes sites sharing with third parties, which I abhor. Now and again I have delved deeper into some policies to find the third-party share option and un-check the box, but it becomes extremely time-consuming. Eventually this issue will subside and life on the Web will chug along.
2
Some of them have a button. But not all.
1
Unless you're a European oligarch who stands to benefit from the EU's continued harassment of American tech companies, the GDPR means nothing to you other than the annoyance of deleting these meaningless privacy policy notifications. None of the reputable companies are doing anything sinister with your information and none of the bad actors care about EU regulations.
3
1. Exactly which European oligarchs do you have in mind - last time I checked oligarchs were Russian and Russia is not a member of the European Union!
2. "None of these reputable companies" - one word response. Facebook. Even US commentators on tech have been acknowledging that the day of reckoning for the abuse of personal data has been long overdue.
3. The regulations are the same for every company, irrespective of its origin or legal base of operations. No US company is being treated unfairly relative to any of its peers or competitors. This is what you get when you have legislators working to protect their citizens, rather than kow-towing to t corporate money/needs.
What you should be asking is why Congress is not offering something similar...
44
Oligarch means rule by the few.
The global billionaires have gained control of more than half of the world's wealth. They use it to manipulate markets, media, and government.
We have a global oligarchy. Russian and Chinese billionaires have the most direct control of their governments. We now have a billionaire president with a billionaire filled cabinet.
They probably have the least control in Europe, but they still have much influence.
While it is true that EU regulations have no direct effect on American regulations, many companies find it easiest to just follow the most stringent regulations because it is simpler that way. So if you read and act on these announcements you might get some of these benefits even though you are not in Europe.
1
The article mentions that a company can be fined 4% of its global income but does not tell us who to complain to or how the system of investigating complaints works across national borders, especially where data is held in non EU countries. In the UK of the law is breached complaints can be sent to the Information commissioner's office (ICO) but it is not clear to me what happens after that. How is a complaint in a jurisdiction outside the EU investigated and any penalty enforced?
6
I'm pretty sure complaints outside of Europe are not covered by the law. However, many internet companies are just following that law with all of its customers, so Americans may get some of the good effects, by accident.
3
These marketing emails are governed not just by GDPR, but also by the EU’s ePrivacy Directive (which has been in effect and is responsible for those cookie banners). The funny thing is that many of these emails are not necessary. Contrary to this article, isolated consent is not always required for marketing emails. And under ePrivacy, a so-called soft opt-in (really an opt-out) in the context of e.g. buying something online is sufficient. So many of these companies are either trying to remediate an email list that itself is not compliant (no proper basis) or they are drastically and possibly unnecessarily reducing their list by asking for consents that most people won’t provide leaving them stuck with a shrunken list.
Btw, GDPR doesn’t rely on two big principles of consent and minimizing collection. It’s based on 6 principles, which can be found on this handy online version of GDPR https://gdpr-info.eu/art-5-gdpr/. It’s actually not that hard a read for being a regulation, albeit there are many challenges of interpretation.
There are a great deal of things that are bound to be not quite right in describing something like GDPR in a short, breezy article like this. That said, the law it’s replacing (the Data Protection Directive) is no slouch either. It’s just that companies didn’t care about compliance as much until GDPR, which, yes, has greater territorial reach, but more importantly, allows for those eye-popping fines.
5
I agree with the others that this article isn't super helpful.
First, the GDPR applies to Europe. We've all heard by now that Facebook removed pretty much all non-European user data it had in the EU out, so that it would be free of GDPR restrictions.
What does that mean? Facebook (and others) are setting up one system to comply for Europe, and keeping as much of the status quo as possible for the rest of us. I don't think they're alone. A lot of the updates don't change much, if anything, for non-EU users on most sites.
And this: "by closing the banner ad or interacting with its website, you were agreeing with the site’s data collection terms." So what's the recommendation here: stop using the internet? If you read the banner ad, are you going to be given the option to not share data and still use the site?
Not in most cases.
Most sites don't let you pick and chose what you share; it's "consent or don't use our service." Maybe Twitter, Facebook, Google, and some other big brands have some opt-out features, but the majority of sites don't offer any control, other than not using the service.
4
Yes and no. GDPR applies to those handling personal data who are established in the EU (e.g. offices there, but can be short of that) or who offer goods and services to EU residents (mere ability to access a website from the EU is not sufficient, must be something more targeted) or who are monitoring/profiling EU residents (e.g. through online tracking and profiling) or who are processing the data on behalf of someone subject to GDPR (e.g. Cloud provider here hosting EU data). Many companies outside the EU fall under this. The point of the article I think is that particularly big companies are not fully segregating EU and non-EU users notwithstanding Zuckerberg's comments and as a result, many of the privacy self-help tools being made available for GDPR compliance have been made available to us in the US as well and we should take advantage of them.
3
A few small points:
If I read all the privacy emails and their links I’ve received over the past couple of weeks I would not have time left to eat, sleep, work or spend time with family. And I’m a speed reader!
I applaud trends to provide more transparency about how websites and apps use information they’ve collected about me, but I also understand that there’s an implicit (hopefully soon to be explicit) bargain we make with these “free” apps. They’re not free. We pay with our personal information. Surely any reasonably intelligent person knew that when they signed up. We’re not their customers, we’re their product.
Like millions of Americans I occasionally write blogs I’ve published about my interests. I make $0 from doing so. While I’m reasonable sophisticated in the computer arts, I have no idea what information my little blogs collect, but know that I don’t really do anything with all that info they collect. There’s no revenue to hire lawyers, so my approach to GDPR compliance is to post a message saying the site may collect a small amount of info, it doesn’t share it or do anything with it, and if you don’t like that arrangement, please go away.
While I understand that people have been harmed by data breaches, in my 25 years of being online nothing particularly nefarious has happened to me. I’ll probably plod along with Google suggesting I buy something I already purchased last week. But I click on the ad anyway to run up the advertisers bill. Joke’s on them!
10
"Google suggesting..." Yeah, but when I LOOK at something I only THINK of buying, it follows me all over the Web.
I happened to LOOK at some Xmas decoration (lights) around the holidays, and now I have one outfit that STILL jogs me. (To save you some angst, I won't mention the name.)
I also know when my wife happened to buy some underwear a few weeks ago. I have now banned her from using my computer ever again.
Although, for the first few days, it kept a smile on my face...
5
I have noticed that too. People fear the government is watching them, well maybe. But it is seriously the retailers who are spying on us.
I'd really appreciate a browser plugin that automatically clicks on "Cookies? No thanks" for me so I don't have to...with may be a few useful (for me) exceptions, say when I'm actually logged in in order to comment, but not when I'm only "browsing" the general Internet.
9
Great! My browser deletes its cookies every time it shuts down (I chose this)
Now if I use something like google maps I can either easily agree to "data gathering" or wade through multiple pages saying "no thanks". Or be logged into my google account of course and not be bothered...but probably share more data...basically the data protection thing protects less of my data than it did before...
4
Pretty good summary of GDPR. Minor correction: the max fine is 20 million Euro or 4% of company's value, whichever is greater. Much of how this regulatory change is applied is still uncharted. (In my company we have had many discussions of how certain items could be interpreted.) We are going to most conservative, despite our being a very tiny company. The cost of network changes and infrastructure tightening has been steep. If a user opts in to have their data stored at one point, they will always have the right to back out. GDPR says the process to do this must be straightforward. The US would never submit to regs like this, so I'm happy that GDPR protections are spilling somewhat over to me.
8
I don't read them or any legal type stuff about the internet. I assume they are doing everything to make money and either the service is worth it or not. Now I don't like the EU applying their rules to those outside the EU, either people or corporations. They have power without any representation by doing so. If you want your privacy protected stay off the internet entirely.
2
Are there any online services that examine privacy policy statements and highlights just what the users need to know?
47
And you would trust them? I wouldn't but it would be nice.
2
I'm still not sure why reading the privacy policies makes any difference if you can't do anything. Thanks to the advice on this column I downloaded Google's information about me. I was pleased to see how little they have. Why - because I have aggressively sought out and changed every available Google setting to prevent it from harvesting my data. Ditto Windows 10. And I stay as far away from Facebook and Twitter as possible.
49
I am in agreement with what David's said here - what good does it do to read the "implied consent by continuing to use the site" if you expect to keep using it? The basic option you have is abandoning use of the site (which may still have your past data), or continued use with the new terms. You aren't being given a choice about privacy within the site, you're being told to "accept our terms" or "don't expect our services." Given that many sites are making this change, consumers need to not evaluate what the privacy conditions say, but whether they value what they're getting from the site enough to keep using it.
24
The impression given by the article is that you are either in or out. I am pretty sure the law goes beyond that and allows you to control exactly what data is held, or if any data at all is held. I am left with the impression that many companies think sending an email means they can carry on with business as usual. You can certainly ask for all your data to be deleted and for them not to share it with anyone else.
We need an article to describe how to complain and what happens after you complain, as I feel sure, companies will flout the law if they think they can get away with it or don't really understand it.
13
Redux: I keep hearing people say "Why bother reading the terms of service? If you want to use Company F's service, you have to agree to their terms."
I don't accept this.
The problem with this argument is that it removes all accountability, ethics, and consumer protections from the equation. It creates an opaque (and outright deceptive) hidden transaction that is hostile toward the customer, effectively placing corporate profit over the rights of a human life. That is not how a civilized society should operate.
In our current corporate climate we consumers have very few options for goods and service due to the re-emergence of and lack of competition created by monopolies (thanks to deregulation). It's not okay for a company to abuse me and steal my "value" simply because they can, simply because they state so in a 100-page confusing, arcane terms of service.
Corporations may have a right to make profits, but this should not be at the expense of their customers' rights, safety and privacy.
32
Which legal rights are you talking about, the whole idea of these free services is that they make money somehow, and that is mostly advertising combined with sending it to those most likely to buy. Just as on the street you have no privacy on the internet, if someone tried to give you that a hacker could break their desire.
3
Orwell was almost right about the Big Brother.
Except that in addition to government surveillance, corporations that over the past 50 years became sole owners of Executive, Legislative and Judicial branch, now claimed the ownership of us all.
Here is the extract of Privacy (violation) Terms from the outfit called "Oath" who now owns Yahoo and AOL:
By choosing “I accept” below, you agree to Oath’s new Terms of Service and Privacy Policy. Below is a summary of some of the key updates. To learn more about our approach to privacy, click here.
How we collect and use data.
We’ve updated some of the ways we collect and analyze user data in order to deliver services, content, relevant advertising and abuse protection.
This includes: analyzing content and information when you use our services (including emails, instant messages, posts, photos, attachments, and other communications), linking your activity on other sites and apps with information we have about you, and providing anonymized and/or aggregated reports to other parties regarding user trends.
Combining data.
We also combine data among our services and across your devices. This will provide you with better personalized services and features across your devices and Oath accounts.
6
This is what I am dealing w now. Had an AOL email addy for 20 years and a yahoo for several discussion groups. Now it will be shared w Every comany they please. Including verizon.
Remember Verizon's Non Removable Tracking Cookies?!?
No am not a F_c_book user and never use google. I just try to keep a low profile but I despair. And I am Angry.
3
Margaret Atwood’s Madadam series is a bit hard to get into. But it is a futuristic tale where corporations control everything. It isn’t that far off the mark.
1
Great informative article. Thank you Brian
3
No company or service should be allowed to use "opt-out" that they bury in pages of privacy policy links for anything. Ever. If a company or service wants to use my data, etc, they should be required to present transparent "opt-in" boxes that I select, and can just as easily cancel at any time.
98
Simple solution opt out of using their services. Don't like the windows 10 deal use something else or nothing.
And since you said “no company” I think we all know how that will turn out under current conditions.
2
Sparky has it right, either I take my medicine ( using the sites which the author admits is opting in) or I dump the service.
A useful article would
1. recommend other sites apps.
2. Expand on privacy settings where they exist.
3. Give us people, powers that be we can complain to.
Dumb question, you can opt out in facebook of directed targetted ads, it however is NOT clear if this in anyway limits Facebooks sale of our data.??
24
"Don’t ignore them."
Why? You are not going to chance them. If you want to use the product, you agree to the changes.
I have better things to do than wade through twenty pages of contract law.
24
Then he is talking to other people who might appreciate the information! Like me. Geez.
26
The point here is how NOT to agree to the "changes" while continuing to use the "product" in the way it is presented to you in plain English (as opposed to what the company is trying to get away with, in legalese). If the company claims you can communicate with friends all over the world for free, then the company should let you do exactly that. No, I don't assume that means they get to sell my identity to whomever in the world they want to, and they certainly don't have my consent for that.
8