Friday 20 September 2019

Privacy is all very nice, but please just make the emails stop

New EU laws on digital data protection, which came into force last week, are driving internet users to despair, writes Eilis O'Hanlon


Eilis O'Hanlon

Last week, I updated my privacy policy. My new privacy policy mainly involves an overwhelming desire to protect my privacy from all the companies now emailing me to announce that they've updated their privacy policies and would I care to take a look at the new terms and conditions?

I probably should, I know that, but there are just so damned many of them that I'd barely have time to eat or sleep if I took up every new invitation to do so. Most of the emails have been deleted unread.

It's all because of the new EU law on digital privacy, which came into effect last Friday. The General Data Protection Regulation, or GDPR for short, is designed to keep users informed about what and how much data is being collected on them by organisations with whom they come into contact. As such, it's definitely a Good Thing.

There's also no point blaming the companies who are sending out this blizzard of emails, because they risk being fined up to four per cent of their global revenue if they don't comply. But why didn't they get GDPR-fit before the deadline instead of leaving it to the last minute? The legislation was approved in 2016, giving them plenty of time to make preparations for the day of judgement. One answer seems to be that many of those who dilly-dallied didn't understand what the hell it meant either. Hence the avalanche of spam which is now hitting everyone's inboxes, as companies rush to catch up.

"My entire inbox is beginning to feel like the ramblings of a desperate ex-boyfriend," one wag observed last week; but at least in this case, unlike those desperate ex-boyfriends, the pleading emails urging us to stay in touch will eventually go away if we ignore them long enough. It's just that, in the meantime, refreshing one's inbox has begun to trigger feelings of existential dread. Which of these unwelcome guests wants to corner me now, like a drunk at a party, and bore me with their life story?

One vaguely interesting upshot of getting all these emails is that it's a reminder of just how many pointless services and organisations to which one has, at some moment or other, subscribed. Joking aside, my own list is relatively modest. There are a few money transfer services, Ticketmaster, Channel Four, the Gate Theatre... nothing too onerous. I've seen screenshots from other people showing far scarier inundations of notifications. But even I've been thrown by the odd new arrival.

What in God's name, for example, is Quora? Had that question been asked before, I could have honestly answered that I didn't have a clue. Now it turns out that I am signed up to it and need to urgently review this mysterious entity's updated privacy policy.

Apparently, it's a website where random people ask questions, some serious, some not so serious, and other users post replies. Clearly, at some point I must have clicked a link whilst surfing the internet, had to enter my email address in order to continue, and did so without thinking.

Years later, there I still am in a database somewhere, adding to that great global mass of information about each and every one of us, a body whose existence has caused such consternation of late, since Facebook admitted to having such a laissez faire attitude to the security of its users' personal data.

As such, it's probably a positive development that what was hidden will now be transparent, at least for the time being. As the weeks and months go by, we'll all just become as careless as ever about our personal data, clicking whatever boxes these faceless organisations demand that we click in order to access their services. Who has time to read privacy policies, or terms and conditions? But for now, it's been a salutary exercise.

Take Ryanair. Everyone's flown Ryanair at least once in their lives. That means we're on their database. That's why the Customer Services department of the airline has been sending out emails assuring passengers that, "We are committed to protecting your personal information and to being transparent about the information we are collecting about you and what we do with it" and inviting recipients to "take a look".

Should they do so, the first thing they might notice is just how much data Ryanair collects, from the obvious stuff like name, address, telephone number, passport and credit card numbers, gender, nationality, and travel history, right down to less obvious things such as "information about how you use our website and/or App", and - Big Brother alert - "real-time geographic location of your computer or device through GPS, Bluetooth, and your IP Address, along with crowd-sourced WiFi hotspot and cell tower locations". The airline promises that "When we no longer need your personal data, we will securely delete or destroy it", which definitely sounds reassuring.

But while they have that information, the policy also explains that they will and do share it with certain third parties, including Government authorities and law enforcement bodies, "trusted service providers", "call centres providing assistance to our customers, cloud service and email marketing service providers assisting our marketing team with running customer surveys and providing targeted marketing campaigns", and social media providers, where it may be "possibly presented on your social media profile to be shared with others in your network" in accordance with that third party's privacy policy too. All this just so that you can fly to Alicante for a few weeks in the sun.

In fairness to Ryanair, it's no worse than every other organisation when it comes to harvesting huge amounts of data on its customers, all of whom have been perfectly free at any point before now to dig a bit deeper and find out what information is held on them.

It's also hugely irritating to witness the hypocrisy of people who rail against these firms for invading their precious privacy when they themselves babble endlessly on Facebook and Twitter about every last thing they're doing and thinking and logging every last place that they go. Those who catalogue their lives in minute detail online have no right to complain about the surveillance state.

They're almost as annoying, in fact, as those people who swear that Vladimir Putin can personally swing the result of elections anywhere in the world just by paying trolls to spam your timeline with funny memes. Just watch, the losing side in the abortion referendum will be out in days to come, claiming that it was all rigged by shadowy foreign forces as well.

Even so, the fact that people have become giddily hysterical about the amount of data which is held on them doesn't mean that it's not genuinely troubling. Perhaps the new law on GDPR will mark a turning point in the fight for privacy, but I can't escape the sneaking suspicion that most people would agree to any amount of digital infiltration if it would just make the ruddy emails stop.

Sunday Independent

Today's news headlines, directly to your inbox every morning.

Don't Miss