Why you're suddenly getting lots of emails from sites you haven't visited in years

  • Companies that operate in Europe are alerting people to new privacy policies and changes that meet U.K. and European GDPR rules.
  • That means you're getting emails from all of these services telling you about their new policies and how they use your private data, even if you live in the U.S.
  • Here's what GDPR is and why you're getting those emails.

You might have noticed that your inbox is suddenly being bombarded by messages from apps and services you haven't used in years.

You're not alone, that's my Gmail inbox above.

There's a reason you're receiving them now: Europe's General Data Protection Regulation went into effect Friday, which means companies and services are now alerting you to how they meet the new privacy guidelines.

The GDPR guidelines are long and complicated, but the gist is that the protections give you more control over the data companies store on you and how the information can be used. In advance of the new rules, you've been getting flooded with emails explaining updates that comply with GDPR.

What is GDPR?

Companies that offer apps and services in Europe — every firm from Spotify to Google — have to update their guidelines and even the core structure of their apps so that they're meeting these new privacy rules. Users in the United States and other parts of the world will begin to benefit, at least if companies are making changes to a single app that's used everywhere.

The U.K.'s Information Commissioner's Office has all of the information you need on GDPR, but it centers around the protection of personal data. The GDPR considers personal data to include:

  • "Personal data is information that relates to an identified or identifiable individual."
  • "What identifies an individual could be as simple as a name or a number or could include other identifiers such as an IP address or a cookie identifier, or other factors."
  • "If it is possible to identify an individual directly from the information you are processing, then that information is personal data."

Lots of companies are beginning to allow you to download personal copies of the data they've collected on you or that you've stored. Google, Apple and Facebook have already let users do this, though they're making it even easier. That's because the GDPR includes personal protections such as:

  • The right to be informed: This means you have the right to know how companies use your data.
  • The right of access: This means you can access all of the data a company stores on you.
  • The right to rectification: This means you can change that personal data if it's incorrect.
  • The right to erasure: You can remove all of the data a company has stored on you.
  • The right to restrict processing: gives a user in some circumstances the option to limit how a company uses their data.
  • The right to data portability: This means you can download your data and take it to another service. For example, if you wanted, you could take everything from Google and move it to Apple.
  • The right to object: Users get an "absolute right" to stop companies from using private data for marketing.
  • Rights in relation to automated decision-making and profiling: Guidelines for decisions that are made by machines instead of humans.

A major focus of GDPR is that companies will not be able to use vague or confusing statements to get you to agree to give them data, which means it could have a far-reaching impact on some of the biggest technology firms in the world including Facebook and Google. (Read CNBC's guide to GDPR's business impact here.)