
GDPR isn't to blame for all the permission emails you're getting - tooba
http://www.wired.co.uk/article/pecr-gdpr-emails
======
planetjones
Those dumb emails I am getting are not a problem, for me at least. Infact it’s
a good opportunity to remove myself from some communications which are no
longer relevant.

The biggest problem was the previous directive, which meant all EU websites
display an intrusive message about cookies which needs a click to dismiss.
That is the most dumb thing I encounter. And continue to encounter on a daily
basis.

~~~
drb91
This is only if you have non-essential cookies, ie you are tracking users.

~~~
mort96
I find it annoying that every single one of those messages say something to
the effect of "We use cookies to improve your user experience", when 99.9% of
the time, the only reason you need third-party cookies is user tracking.

Maybe that law should've included a clause about how you shouldn't lie about
why you're using third-party cookies?

~~~
ChrisSD
Both can be true. Why track users? So you can see common paths they take,
common stumbling blocks, if feature A is better than feature B, etc, etc. Also
ad tracking (supposedly) helps deliver more personalized ads that are actually
relevant to the user.

So they argue that tracking does improve user experience. You may disagree
with their reasoning but that doesn't make them liars.

------
tjoff
Those emails are awesome and any company sending looks better in my book.

That said I never accept their plead, I absolutely never ever sign up to any
kinds of email marketing so the ONLY reason they even attempt this is because
they were doing shady business earlier.

I bet that we will see lots of complaints where companies cry of losing their
audience. Well first off it was an _illegal_ channel anyway and second noone
read your mail anyway.

GDPR is one of few things that honestly gives me hope for the future of
internet. It has the potential to embed a consciousness of how data is
managed, both in companies and users.

~~~
DanBC
> Those emails are awesome

The point is that those emails are clear signs that companies are ignoring
existing laws. It's already illegal, under PECR, to send marketing email to
people without their permission.

This should be somewhat reassuring to all the GDPR alarmists: we have very
many companies ignoring the law at the moment, but not being fined.

~~~
tjoff
Exactly, the point is that unlike existing laws GDPR has a chance of success.

 _That_ is awesome.

~~~
tjoff
Rereading GP I might have misinterpreted a bit (the above still stands
though).

I see two kinds of emails. One is along the lines that "FYI: we updated our
policies regarding X", those are perfectly fine.

Then we have "please click here to allow us to send you more emails", which is
more or less admitting "hey, we abused the system and spammed you before,
please let us continue to do so".

And I actually get a smile on my face when I receiver either of them. Yes, the
second one should be really bad but I already knew that. The signal I get from
the second email is "hey, we're not particularly happy about the situation but
we will at least obey the new law". And that makes me happy for many reasons.

------
luos
Actually, I am happy they are sending these. I hope it is really working and
they will delete my data as there was not one I approved again.

Job recruiter sites were asking me if I allow sending more emails and as it is
practically impossible to unsubscribe from them I will be glad if GDPR makes
them stop.

~~~
blfr
It doesn't seem to be working that way. I only receive informational emails
that do not require any action and will not result in deletion of any data.

------
crazypyro
I don't understand this article. It's entire argument is there was already a
law in the UK preventing unsolicited emails, but nobody was following it. Now
that the GDPR has huge fines, there is a lot more liability. Seems its exactly
the GDPR to blame...

~~~
CiaranMcNulty
It's also that they had insufficient recording of how consent was given (which
GDPR was stricter on).

So lots of firms, including some I've worked with, have huge mailing lists
with addresses from multiple sources and are _pretty sure_ they got consent in
all of those cases, but have no way of showing that if asked.

~~~
TeMPOraL
They are _pretty sure_ they got consent, i.e. they know they didn't, and half
of those lists are probably from shady sources. GDPR without requirements for
audit trail would be useless.

------
pg_bot
The GDPR is certainly to blame for all of those dumb emails you're getting.

"in the UK the Information Commissioner has made it clear it won't be heavy-
handed with fines"

Unless the information commissioner is immortal and is appointed for life
there are no guarantees that this will always be the case. Companies read the
law and see that they can be fined up to €20 million or 4% of their annual
revenue (whichever is greater) and act accordingly. The GDPR is especially
pernicious as its scope reaches beyond the boundaries of the European Union.
If you're an American company and a single European citizen uses your services
you are bound by the GDPR's regulations.

Some people claim that the court system in the EU is more judicious than the
United States. For those people I want to ask "Why should I trust the opinion
of the people who are going to sue me if I am found to be noncompliant". If
you think the people covering their butts are being irrational, read the law
again.

[https://gdpr-info.eu/](https://gdpr-info.eu/)

~~~
jdietrich
The GDPR is perfectly straightforward to interpret and apply. It's remarkably
similar to the existing Data Protection Directive. If you are using data in a
specific, explicit and legitimate way, you have nothing to fear from the GDPR.
It only seems radical because tech companies have operated with relative
impunity in the past, hoovering up data en masse with no regard to the privacy
or security of their users.

Article 83 clearly states that penalties must be proportionate to the scale of
the breach, the impact on users, the intentional or negligent character of the
breach and the degree of co-operation with the supervisory authority. A
supervisory authority can't just bankrupt your company out of spite.

[https://gdpr-info.eu/art-83-gdpr/](https://gdpr-info.eu/art-83-gdpr/)

Your bio says that you're a founder of a company that processes healthcare
data. The maximum civil penalty for HIPAA violation is a fine of $50,000 _per
violation_ and there have been several multimillion dollar penalties. The
maximum criminal penalty is 10 years imprisonment. If you're worried about
GDPR, you should be absolutely terrified of HIPAA.

~~~
raverbashing
> Your bio says that you're a founder of a company that processes healthcare
> data. The maximum civil penalty for HIPAA violation is a fine of $50,000 per
> violation and there have been several multimillion dollar penalties. The
> maximum criminal penalty is 10 years imprisonment. If you're worried about
> GDPR, you should be absolutely terrified of HIPAA.

Yes, I also find this hilarious, people love to spread FUD about the GDPR, but
HIPPA is more serious (though limited in scope).

~~~
crazypyro
I think the scope differences between HIPPA and GDPR, as well as the
specificity of some of the language used, are key factors in why someone might
disagree with GDPR, but not HIPPA.

------
vool
As it happens I just received an email from Kickstarter informing me about
their policy changes due to GDPR, the mail does not contain an not opt-out or
unsubscribe link ! That is required by GDPR, or at lease good practice right ?

~~~
BillinghamJ
No, because they believe that they're obliged to inform you. It isn't
marketing.

~~~
vool
ah,thanks for the clarification !

------
teknopaul
Have a look through my promtions inbox in gmail and fine everyone of them.
What we need is a tickbox that says do you want all your spam senders fined. I
do wonder if in fact Google is involved in a fair few of them.

------
raverbashing
> But, it turns out, most of these emails are pointless. "In the UK it has
> been the law since 2003 that you can only send a marketing email to an
> individual recipient when they have consented to receive it or you have an
> existing customer relationship with them and have offered them the
> opportunity to opt out," explains Jon Baines, data protection advisor at law
> firm Mishcon de Reya.

> So why are they sending these emails? It's largely around the fear of GDPR.
> The regulation says companies can be fined up to €20 million or four per
> cent of their annual global turnover. Many companies are keen to get their
> systems in order. Although in the UK the Information Commissioner has made
> it clear it won't be heavy-handed with fines.

TL;DR: It's basically CYA and checking things that they weren't doing before
now _that they should have been doing_

------
aidaman
Article titled "GDPR isn't to blame" followed by article about how GDPR is to
blame.

------
codazoda
TlDr; GDPR isn't to blame, GDPR is to blame. GDPR doesn't require them but an
existing law does and GDPR is causing companies to notice.

