There's A Very Specific Reason You're Getting All Those Privacy Updates

If you've so much as opened an app on your computer, tablet, or mobile phone lately, you've probably seen a certain message delivered to you. "We're updating our privacy policy," pretty much every tech company of note has said over a span of weeks. The timing of this flood of messages is enough to make one wonder: Why do I keep getting privacy policy updates and what the hell is going on?

Sure, data privacy has been a hot button issue since the start of the new year, particularly since Facebook became the center of a controversy about companies wielding users' data without consent. But Google, Uber, and the rest of Silicon Valley aren't going out of its way to change their policies just as a proactive measure to put users' minds at ease.

The wave of data policy updates is actually a reaction to a new law, and not an American one. On Friday, May 25, the General Data Protection Regulation (GDPR) goes into effect.

GDPR is a law created by the European Union, and regarded by The New York Times as "the toughest online privacy rules in the world." Because the internet is used worldwide, the changes that American companies make to comply with foreign rules affect users in the United States.

The law primarily has two effects. Companies have to seek your consent to use private data and they can't require you to provide data that isn't necessary for a company to operate. That's why most of the privacy updates companies are sending around are focused on the idea of transparency and changes that make it easier for you to understand which private data a service like Twitter of Facebook is using.

Complying with GDPR isn't likely to result in any significant changes in how you use tech services though, only in how they use you (or, more specifically, your personal data). That point was underlined by Google's data privacy update.

"Nothing is changing about your current settings or how your information is processed," Google's note reads. "Rather, we’ve improved the way we describe our practices and how we explain the options you have to update, manage, export, and delete your data."

The European law promises to present consequences to companies that don't abide by the new rules, too. Services that don't comply with GDPR are liable to be fined up to whichever of the following two amounts is greater: 4 percent of a company's global revenue or $23.3 million (which converts to €20 million).

Věra Jourová, a top justice official at the European Union, said in a statement,

The rules are based on a risk-based approach. Companies that have been making money from our data, have more responsibilities. They should also give something back to the consumers; at least the security of their data. Companies, which do not process data as their core business activity, have less obligations and mainly have to make sure that the data they process are secure and used legally. They will also be rules with teeth. Everyone, especially those companies that monetize our personal data, will have an interest to play by the rules.

Though the effective start of GDPR coincides with renewed interest in the subject of data privacy, the timing is a bit of a coincidence. GDPR was actually created in April 2016, after four years of consideration, at that. The European Union then allowed two years before actual implementation of compliance to be enforced.

Now that those two years are up, companies all over are flowing their users inboxes, updating them on how exactly they use your data. So, yes, there's a specific reason you're getting all those updates: It's the law.