Slashdot Mirror


Most GDPR Emails Unnecessary and Some Illegal, Say Experts (theguardian.com)

The vast majority of emails flooding inboxes across Europe from companies asking for consent to keep recipients on their mailing list are unnecessary and some may be illegal, privacy experts have said, as new rules over data privacy come into force at the end of this week. From a report: Many companies, acting based on poor legal advice, a fear of fines of up to $23.5 million and a lack of good examples to follow, have taken what they see as the safest option for hewing to the General Data Protection Regulation (GDPR): asking customers to renew their consent for marketing communications and data processing. But Toni Vitale, the head of regulation, data and information at the law firm Winckworth Sherwood, said many of those requests would be needless paperwork, and some that were not would be illegal.

4 of 91 comments

  1. Re:Only $23.50? by dotancohen · · Score: 4, Insightful

    We're simply going to block all of the EU, because the consequences for even an inadvertent misstep could be catastrophic.

    Please block my IP address as well: 192.117.111.61, because the consequences for even an inadvertent misstep by you could be catastrophic for me.

    --
    It is dangerous to be right when the government is wrong.
  2. Best Practice by Going_Digital · · Score: 4, Interesting

    Companies wouldn't have to go through this nonsense if they had set out treating people properly in the first place. If their email list was created from an explicit opt-in process with clear information on how the customer's email is to be used then they would not have to go through this re-subscribe nonsense. They all thought they were clever by auto-opting in and buying mailing lists and other questionable ways of subscribing people. Now 90% of their 'customers' will not re-subscribe so they are stuffed.

    1. Re:Best Practice by Zocalo · · Score: 3, Interesting

      Confirmed Opt-In, or COI, has been touted as a best practice for mailing lists for many years now. You didn't need to be psychic and predict the future to anticipate GDPR; you just needed to be above-board about what you were doing with the sign-up process and follow well published best practice. If you'd done that, and retained a copy of all of your opt-in confirmations, then all your end-user interaction for GDPR compliance would have required would have been a simple rider on a regular marketing email reminding your subscribers of where they could view your GDPR policies, contact you if required, and to change their communications preferences if they wished. No further end-user action required.

      Sadly, even amongst those lists that have been using COI for years, this point seems to have escaped most mailing list maintainers.

      --
      UNIX? They're not even circumcised! Savages!
  3. What are they supposed to do? by imidan · · Score: 4, Insightful

    The government has passed a law that provides for fines on the order of $23 million (or more, if the business is large). Businesses that are requesting new opt-ins are doing it so they can demonstrate that they have explained what they do with customer data and have obtained explicit permission to do so.

    Yeah, it would have been great if these businesses had been doing that all along, but there was no legal requirement for them to do so. They may not have kept records that would allow them to demonstrate compliance. Why would it be a surprise to anybody that businesses are trying to cover their asses to avoid paying fines that could destroy them? This is a completely foreseeable result.