Why Companies Are Revamping Privacy Policies
Companies are bombarding consumers with emails informing them of changes to their privacy policies. What is the reason for this change?
The new policies are an attempt by companies to comply with a new European Union law called the General Data Protection Regulation (GDPR). Any company processing data from residents of EU countries must have a legal reason to collect personal information and must obtain the user’s consent. Since many companies, such as Facebook and Instagram, operate worldwide, users outside of the EU are being notified of the new regulations.
The purpose of the new law, which went into effect on May 25, 2018, was to prevent companies from hiding language within lengthy legal documents allowing them to track consumers and use their information. According to a 2008 study by Ars Technica, it would take the average person 244 hours a year to read all of the privacy policies for the apps and services they use. Thus, most people simply click “I agree” before using a service without reading exactly what the agreement says.
To comply with the new regulation, companies need to prove they have made it easier for users to understand how their data is being collected, stored, and used.
Another aspect of the GDPR requires companies to notify users within 72 hours once they have learned of a data breach. Companies such as Code42 have created products that help organizations detect and track breaches, which makes this tight notification requirement easier to meet. Code42’s new Forensic File Search solution allows IT professionals to search metadata in the cloud and gather information about potential breaches that they can then pass on to consumers.