Slashdot Mirror


Most GDPR Emails Unnecessary and Some Illegal, Say Experts (theguardian.com)

The vast majority of emails flooding inboxes across Europe from companies asking for consent to keep recipients on their mailing list are unnecessary and some may be illegal, privacy experts have said, as new rules over data privacy come into force at the end of this week. From a report: Many companies, acting based on poor legal advice, a fear of fines of up to $23.5 million and a lack of good examples to follow, have taken what they see as the safest option for hewing to the General Data Protection Regulation (GDPR): asking customers to renew their consent for marketing communications and data processing. But Toni Vitale, the head of regulation, data and information at the law firm Winckworth Sherwood, said many of those requests would be needless paperwork, and some that were not would be illegal.

3 of 91 comments

  1. Best Practice by Going_Digital · Score: 4, Interesting

    Companies wouldn't have to go through this nonsense if they had set out treating people properly in the first place. If their email list was created from an explicit opt-in process with clear information on how the customer's email is to be used, then they would not have to go through this re-subscribe nonsense. They all thought they were clever by auto-opting in and buying mailing lists and other questionable ways of subscribing people. Now 90% of their 'customers' will not re-subscribe so they are stuffed.

    1. Re:Best Practice by Anonymous Coward · Score: 0, Interesting

      Yea, screw them for not being able to predict the future and be in compliance with yet unwritten laws. Laws that are so vague even now that they have been written and passed nobody really knows how to follow. Not even government officials who can often only reply "that has to be determined in courts".

    2. Re:Best Practice by Zocalo · Score: 3, Interesting

      Confirmed Opt-In, or COI, has been touted as a best practice for mailing lists for many years now. You didn't need to be psychic and predict the future to anticipate GDPR; you just needed to be above-board about what you were doing with the sign-up process and follow well-published best practice. If you'd done that, and retained a copy of all of your opt-in confirmations, then all your end-user interaction for GDPR compliance would have required would have been a simple rider on a regular marketing email reminding your subscribers of where they could view your GDPR policies, contact you if required, and to change their communications preferences if they wished. No further end-user action required.

      Sadly, even amongst those lists that have been using COI for years, this point seems to have escaped most mailing list maintainers.

      --
      UNIX? They're not even circumcised! Savages!