Slashdot Mirror


Email Unsubscription Service Unroll.me To Close To EU Users Saying it Can't Comply With GDPR (techcrunch.com)

Unroll.me, a company that has, for years, used the premise of a useful "email unsubscription" service to gain access to people's email inboxes in order to data-mine the contents for competitive intelligence -- and controversially flog the gleaned commercial insights to the likes of Uber -- is to stop serving users in Europe ahead of a new data protection enforcement regime incoming under GDPR, which applies from May 25. From a report: In a section on its website about the regional service shutdown, the company writes that "unfortunately we can no longer support users from the EU as of the 23rd of May," before asking whether a visitor lives in the EU or not. Clicking 'no' doesn't seem to do anything but clicking 'yes' brings up another info screen where Unroll.me writes that this is its "last month in the EU" -- because it says it will be unable to comply with "all GDPR requirements" (although it does not specify which portions of the regulation it cannot comply with).


  1. One down... by Joce640k · · Score: 4, Insightful

    One useless parasite down. That's a start.

    Go, GDPR!

    --
    No sig today...
    1. Re:One down... by xxxJonBoyxxx · · Score: 4, Interesting

      Exactly. This is one law/regulation that's not only working as designed, it's working as intended!

    2. Re:One down... by Barsteward · · Score: 1

      It's their loss of a market of 450m people, they must be doing well elsewhere.

      --
      "The hands that help are better far than lips that pray." - Robert Ingersoll (1833-1899)
  2. Big surprise? by nitehawk214 · · Score: 4, Insightful

    How can anyone be surprised that a company with full access to someone's email misuses the information they receive?

    Why is anyone still using the service after they got caught lying?

    --
    I'm a good cook. I'm a fantastic eater. - Steven Brust
    1. Re:Big surprise? by ranton · · Score: 4, Informative

      Why is anyone still using the service after they got caught lying?

      I didn't see any mention of Unroll.me lying to their customers. They are a free service, so they are going to make money off of their customers' data. If you are curious about how, you go read their Terms of Use and Privacy Policy. This is from their Privacy Policy before details of their business model went public:

      We also collect non-personal information - data in a form that does not permit direct association with any specific individual ... For example, when you use our services, we may collect data from and about the "commercial electronic mail messages" and "transactional or relationship messages" (as such terms are defined in the CAN-SPAM Act (15 U.S.C. 7702 et. seq.) that are sent to your email accounts.

      This clearly states they will look at advertisements ("commercial electronic mail messages") and receipts / order updates ("transactional or relationship messages") in your inbox in order to collect data to sell to 3rd parties. So where were they lying? You may not like their business model but don't accuse them of doing things they didn't do.

      --
      -- All that is necessary for the triumph of evil is that good men do nothing. -- Edmund Burke
    2. Re:Big surprise? by Anonymous Coward · · Score: 1

      I present to you a visual guide of how hard it is to read all the T&Cs today

      https://i.imgur.com/5LphAGP.jpg

    3. Re:Big surprise? by Anonymous Coward · · Score: 2, Insightful

      People do care about lying. But what choice did we have when the other candidate was an even BIGGER liar?

    4. Re:Big surprise? by ranton · · Score: 1

      I present to you a visual guide of how hard it is to read all the T&Cs today

      https://i.imgur.com/5LphAGP.jpg

      I doubt that is an image of Unroll.me's privacy policy, since their document is about 6 pages long with significant white space and a Calibri 11 point font. Page 1 has their policy on collection of personal information, and page 2 has the text I listed above. If you actually care about how they collect your data, you can find everything you want under the headers Our Collection and Use of Personal Information and Our Collection and Use of Non-Personal Information, which are both about a page long.

      --
      -- All that is necessary for the triumph of evil is that good men do nothing. -- Edmund Burke
    5. Re:Big surprise? by Anonymous Coward · · Score: 2, Funny

      Huh?!? What did Gary Johnson lie about?

    6. Re:Big surprise? by dave420 · · Score: 1

      There we go with the lies again.

    7. Re:Big surprise? by ranton · · Score: 1

      That clearly says they will collect non-personal information. It says nothing about how they will use or disclose (i.e. sell) that information.

      I would hope that would be obvious, but since you think it isn't here is some information from the very next paragraph of their privacy policy:

      We may collect and use your commercial transactional messages and associated data to build anonymous market research products and services with trusted business partners. If we combine non-personal information with personal information, the combined information will be treated as personal information for as long as it remains combined.

      --
      -- All that is necessary for the triumph of evil is that good men do nothing. -- Edmund Burke
    8. Re:Big surprise? by HiThere · · Score: 1

      Not always. They never reveal the truth, but some are clever enough to say only technically true statements in ways that will cause you to believe as they intend. Not that I've run across one recently.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    9. Re:Big surprise? by sexconker · · Score: 1

      Bill Clinton was caught lying. Under oath. He was even impeached for it.

      Yet he remained in office.

    10. Re:Big surprise? by jareth-0205 · · Score: 1

      I'm genuinely curious as to whether you read and comprehend all the privacy policies that are presented to you on the internet for every site that you interact with... and whether you think that that can be a reasonable thing to expect people to do.

      I mean they are deliberately written to be long and hard to understand https://www.theatlantic.com/te...

    11. Re:Big surprise? by AmiMoJo · · Score: 1

      Not lying, just obfuscating to the point where they know that the average person won't bother to read the ToS or work out what "transactional or relationship messages" are.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    12. Re:Big surprise? by ranton · · Score: 1

      I'm genuinely curious as to whether you read and comprehend all the privacy policies that are presented to you on the internet for every site that you interact with... and whether you think that that can be a reasonable thing to expect people to do.

      I mean they are deliberately written to be long and hard to understand https://www.theatlantic.com/te...

      No, I generally don't read any of them. But without thoroughly reading them you should simply assume all of the data you share can be shared with anyone. You should always assume the first time you type a phone number, address, etc. into a web form it is now public information, just like sending a nude selfie over SMS. Even payment methods such as credit cards are only possible because the card companies cancel / reimburse for fraudulent activity and send new cards, because you would be foolish to assume your credit card number is safe either.

      You can certainly expect a higher level of privacy if you wish, but it will take significant effort on your part every time to interact with a new service to thoroughly understand their privacy policies. If you don't put in that time, then assume no privacy if you freely give information to a 3rd party.

      --
      -- All that is necessary for the triumph of evil is that good men do nothing. -- Edmund Burke
    13. Re:Big surprise? by ranton · · Score: 1

      Not lying, just obfuscating to the point where they know that the average person won't bother to read the ToS or work out what "transactional or relationship messages" are.

      Which isn't lying. They offer a free product, so you are the product. That shouldn't be a surprise to anyone.

      --
      -- All that is necessary for the triumph of evil is that good men do nothing. -- Edmund Burke
  3. False advertising by Anonymous Coward · · Score: 2, Insightful

    Pretending to be a service for unsubscribing, while actually being a data-mining company...

    You do realize that false advertising has always been illegal in the EU? Perhaps the real problem is that the fines for false advertising are too low, and the GDPR fines are large enough that companies care about them.

    1. Re:False advertising by HiThere · · Score: 1

      Is there any reason to doubt that they do both? If they do both, then it's not false advertising. They sell themselves to you based on what you want, and they sell your data to fund themselves.

      If so, then while it may be reprehensible, it's not false advertising.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    2. Re:False advertising by Carewolf · · Score: 1

      Pretending to be a service for unsubscribing, while actually being a data-mining company...

      You do realize that false advertising has always been illegal in the EU? Perhaps the real problem is that the fines for false advertising are too low, and the GDPR fines are large enough that companies care about them.

      Plus data-mining has also been illegal for some 30 years. GDPR is just a minor update of existing rules to enable better enforcement.

  4. By can't, they mean don't want to by Mascot · · Score: 4, Insightful

    access to people's email inboxes in order to data-mine the contents for competitive intelligence -- and controversially flog the gleaned commercial insights to the likes of Uber

    It's almost as if that's exactly the sort of undisclosed behavior the GDPR is designed to combat...

    Granted, I suppose my subject is a bit unfair. If violating privacy is your primary business model, I guess "can't" is technically accurate.

    1. Re:By can't, they mean don't want to by iggymanz · · Score: 3, Funny

      EU should flood them with "right to be forgotten" requests that they have to comply with

    2. Re:By can't, they mean don't want to by FictionPimp · · Score: 1

      They already said they would delete all EU customer data before the GDPR deadline. So that's not really going to do anything.

    3. Re:By can't, they mean don't want to by Anonymous Coward · · Score: 1

      There is always the GDPR letter from Hell that you can send them.

    4. Re:By can't, they mean don't want to by ranton · · Score: 1

      It's almost as if [access to people's email inboxes in order to data-mine the contents for competitive intelligence is] exactly the sort of undisclosed behavior the GDPR is designed to combat...

      I don't think it is. The GDPR is specifically interested in personal information, not non-personal information such as commercial or transactional messages. As long as the data is sufficiently anonymized (something I'm sure the courts will further define over the next decade or so) I would think companies like Unroll.me could continue that part of their business model even with the GDPR.

      There are likely other aspects of Unroll.me's business model which are causing them to cut off EU customers, not their practice of reading customers' emails and selling aggregate data collected from them.

      --
      -- All that is necessary for the triumph of evil is that good men do nothing. -- Edmund Burke
    5. Re:By can't, they mean don't want to by Junta · · Score: 1

      While I wouldn't doubt there are unfortunate facets of their business model that have not come to light, it could also be that avoiding the burden of having to reply to GDPR requests is worth losing the market, even if you could give replies above board.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    6. Re:By can't, they mean don't want to by Mascot · · Score: 1

      The focus of the GDPR is the need to inform the user and to allow them to control the use of their personal information, making undisclosed data collection and/or usage a primary target for the legislation. Thus this (I'm going by the summary here, I don't know anything about unroll.me) would be exactly the type of behavior it's designed to prevent. In other words, I strongly believe you are objectively wrong.

      It is possible that they could keep going if they informed the user properly and made everything opt-in, but the big issue I see is the stipulation in the GDPR for data minimization. You cannot collect or process data that's not necessary for the purpose for which you are accessing the data. For a service offering a way to unsubscribe from mailing lists, processing information about how you use ride sharing services would be a tough sell as being relevant to the service being offered. In order to be able to anonymize data and use it for other purposes than offering the service, you first need to show that processing that data was necessary to begin with.

    7. Re:By can't, they mean don't want to by AmiMoJo · · Score: 1

      Uber is required to delete that data now, with no action required on our part.

      This law is fucking great.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:By can't, they mean don't want to by iggymanz · · Score: 1

      talk and action are two different things; that is not an easy feat

  5. Re:Regulation kills business by Opportunist · · Score: 1

    Those kinds of jobs being lost is a gain for humanity.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  6. Which part by hattable · · Score: 2

    Why does it matter which part of the GDPR a company is unable to comply with? Despite how scummy of a company they are, unrollme will not be able to provide services to a large portion of the world. Privacy advocates want it (including myself), and we got it. We don't get to jab our fingers in the wound and blame the company as a way to avoid any potential negative feelings about what has happened.

    To reiterate: GDPR good. Unrollme bad. *massages temples* I chose this life. I chose this life.

    --
    OMG facts!
  7. This is the price Europeans must pay by OrangeTide · · Score: 1

    Mandating personal privacy has cost you free shitty email service.

    --
    “Common sense is not so common.” — Voltaire
  8. GDPR is great ! by aepervius · · Score: 3, Interesting

    GDPR is like a great filter which tells me who is breaking my privacy and who won't. Say you close off to EU customers because of GDPR? Great, I know you were breaking my privacy and selling my data! Good riddance!

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
  9. Re:Regulation kills business by Archangel+Michael · · Score: 1

    Subjective opinion, not a fact. I have no idea if it is a net gain or loss to humanity, but I suspect it is a loss, due to the totalitarian fascist nature of the law. The problem with Freedom is it is messy.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  10. Re:Regulation kills business by Opportunist · · Score: 2

    Protecting privacy is fascist, war is peace, freedom is slavery, ignorance is strength...

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  11. Good. by k.a.f. · · Score: 1

    If they can't justify processing my data under any of the numerous and rather broad bases, then they don't deserve to get them.

    1. Re:Good. by Junta · · Score: 1

      Note that I'm not particularly enthusiastic about unroll.me's model or particularly trusting in their intent, but broadly speaking even if they can justify processing the data, the effort associated with auditing and proving their intent and risk according to the specific terms of GDPR could still be considered too much a burden to be worth it.

      That's generally the issue with many regulations. They mean well and there is a definite need for some regulation to serve the purpose, but often they are structured such that compliance also inflicts significant cost upon groups that were not doing anything to be vaguely part of the problem.

      --
      XML is like violence. If it doesn't solve the problem, use more.
  12. Re:Regulation kills business by Opportunist · · Score: 1

    Would somebody please think of the KZ-Guards...

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  13. Re:Regulation kills business by Archangel+Michael · · Score: 1

    Privacy is an illusion.

    If you really want to be "private", hole up in a cave away from anyone so that nobody knows anything about you. Other than that, your privacy is subject to everyone you interact with. Ask any private detective how much information they can gather on someone just by watching their every move. Privacy is an assumption, and an illusion.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  14. Re:Regulation kills business by Archangel+Michael · · Score: 1

    You might want to go to your safe space and play with crayons.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  15. Re:Regulation kills business by Opportunist · · Score: 1

    Safety is an illusion, why do you wear a seatbelt?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  16. Is it just me by jwymanm · · Score: 1

    Or is everyone on this discussion some kind of EU proponent wanting less freedoms and more laws for Internet? It's almost like robot shills. This is giving governments more control over business. This is not a good thing. I'd support a checkmark system like SSL in a browser that let people know if using a service could lead to leak of your information but not this. This just supports Google and Large Co to continue business as usual while killing smaller free service providers aka competition. People are celebrating less freedom on the net every time EU scratches a frigging freedom itch and it's disgusting.

    1. Re:Is it just me by Junta · · Score: 1

      I think the goal is admirable, but reading the 'nightmare GDPR letter' highlights that doing things above board is good and required, but it also requires all good actors to respond to some potentially detailed inquiries. This includes both generic information about where and how data about the user is stored (which shouldn't be too much of a burden) to the specific unique details to a specific individual's data. This either means manual effort and/or creating specialized reporting to react to GDPR requests.

      I think that's the burden people get worried about, how much burden it puts on *showing* you are not intentionally or at risk for accidentally having data disclosed.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    2. Re:Is it just me by Actually,+I+do+RTFA · · Score: 1

      Laws and regulations can be good or bad. A lot of people think that the GDPR is a good law, and that it improves the world. That doesn't mean its supporters want arbitrarily more laws beyond that.

      --
      Your ad here. Ask me how!
    3. Re:Is it just me by jwymanm · · Score: 1

      But that is guaranteed to come. The internet needs to remain open at all costs. The entire reason it has prospered so well is because of the freedom it had when started. Now you can barely fart wrong on the net and you get taken down across 30 participating countries. CLOUD act basically means you have no rights anymore. EU sues damn near every large company on the Internet. etc

    4. Re:Is it just me by Carewolf · · Score: 1

      The law has been in effect for a little over 30 years now, and not caused any troubles. The GDPR is only an update of the enforcement. It is the very same set of laws that forced Facebook to not merge data it bought from WhatsApp, and forced Google to not merge Youtube and Google Plus accounts.

    5. Re:Is it just me by Anonymous Coward · · Score: 1

      This is about giving business less control over people by giving people more control over how businesses (and governments) process their data. That is a good thing.

  17. quo nullum argumentum by OrangeTide · · Score: 1

    Si pecuniam haberem, panem emerem.

    (est aliqualiter rationem)

    --
    “Common sense is not so common.” — Voltaire
  18. EU and "consumer protection laws" by stud9920 · · Score: 1

    I am a huge fan of the EU. Not only because it's bringing prosperity to my city (Brussels), is a net contributor to local and world peace, allows me to travel and pay more easily in a territory 50x as large as my own country, the Microsoft and Google lawsuits and many more reasons, but I truly despise the way they design the consumer protection laws.
    Instead of punishing technology's abuses, they are really trying to make people's lives miserable.

    Visiting a web site? Half of your screen is covered by the cookie warnings, even though 99,99% of website owners only actually use cookies for session management. And it would have taken very little effort for the lawmakers to add an "ignore and hide cookie warnings" general setting, which on EU scale would have made it to all browsers. This instead of just banning cookie tracking.

    Travelling across the border ? You'll get a SMS telling you that the tariff is....the same as home, which is nice, but that SMS / Tariff info was only relevant when operators were taking outrageous roaming fees. The message, though, is still mandatory.

    Entering your car and want some navigation? A stupid warning "driving while operating this device is dangerous" (granted, that one may be even worse in the US).

    And now GDPR: 99,99% of customer / subscriber information IS relevant, and is NOT used in an abusive way. As a small non-profit sport club structure, it took us 2 months of iterative work to make ourselves minimally compliant, including a web site migration towards EU (on US owned servers). There is exactly zero gain for our members, whom we can not service if we don't have that minimum info from them, and which we have zero incentive to abuse. Of course, they have absolutely zero manpower to actually control/enforce the compliance in the millions of businesses and associations having files.

    All this while the ones most inclined to abuse their customers will still get away with it, and for which well-targeted raids might actually be cost effective.

  19. Backup by DeVilla · · Score: 1

    Honest question. How are folks implementing backups that comply with GDPR? Seems there would be some cases where you couldn't back up data on a per-user basis. Mutable backups just seem totally wrong.

    A lot of GDPR is clearly well thought out and easy to design to as a result. Migrating a non-GDPR based design could be a pain. But the requirement to be able to discard backups in a month seems like it could be tricky in certain cases without compromising backup integrity.