What All of Those Privacy Policy Updates Mean for You, Just A Regular Guy Who’s Signed Up for a Lot of Shit Over the Years

It didn’t take long for the cereal box-privacy policy joke to get beaten into the ground until it was robbed of all its humor.

Luckily, though, it was far from the only privacy policy joke from last week. There were, in fact, a metric shit-ton of them, with the best arguably coming from Rian Johnson, the director of The Last Jedi.

The ubiquity of these jokes speaks to the ubiquity of those pesky privacy policy notifications you’ve undoubtedly encountered over the past several weeks. If you’re anything like me, you’ve been inundated lately with emails and pop-ups from all kinds of websites, monthly subscription services and apps you’ve long since forgotten you ever signed up for. And it’s probably left you wondering just what the hell is going on.

The short answer is companies have been in a mad dash to update their terms of service ahead of GDPR, the European Union privacy regulations that went into effect last Friday, and will have a profound effect on how businesses conduct themselves on the web.

Sure, fine, whatever. But what does that mean for me, just a regular guy who wants to check his fantasy team and stuff? you ask in response.

To that question, I have many answers…

What’s this GDPR business you speak of?

The European Union General Data Protection Regulations are a new set of laws governing how companies in Europe collect web data on their customers and website visitors.

Yeah, but I’m a goddamn American. Why does this apply to me?

Well, that’s the tricky part. The internet is a largely amorphous, borderless entity by nature, so country-specific regulations tend to have a wider effect than possibly intended. Tech companies that do business all over the globe such as Facebook, Google and Twitter, for example, are subject to the laws, but so are all U.S.-based companies that offer their goods/services to European consumers. Hence, the flood of emails and pop-up notices.

What does GDPR do?

That’s quite complicated. But at a fundamental level, GDPR inverts the current data-collection standard. Instead of companies indiscriminately collecting data on people who visit their websites, companies now have to get consent from website visitors before harvesting their data. Basically, it shifts the privacy onus from consumers (an “opt-out” model, in which internet users must actively revoke access to their data) to companies (an “opt-in” model, in which companies must first get consent before collecting data).

The deadline for GDPR compliance was May 25, which is why you received a flurry of emails from companies right before Memorial Day more or less saying, “Oh, btw, just wanted to let you know that by using our service you tacitly consent to us collecting potentially sensitive personal information about you. Hope that’s cool!”

Still, it’s a good question because the specifics of how this law will be regulated are ambiguous.

Sounds complicated.

Buddy, you’re telling me. Complexities and confusion abound around this legislation, so much so that many people in the digital media industry are openly joking they have no idea whether they’re in compliance.

GDPR dictates companies get explicit consent to harvest user data, but there’s lots of legal hand-wringing over what “explicit consent” means. And things will vary country to country. Companies that flout the law can be fined up to 4 percent of their revenues, or a maximum of 22 million euros ($23.3 million USD). But violations and fines are to be doled out by each country’s national authority. What that means for companies such as Facebook, that has users in every European country, is hard to say at this moment. So expect a lot of back-and-forth in the coming months and years over what constitutes acceptable data collection.

Who stands to benefit from this?

Ironically, many believe GDPR, which was directly aimed at limiting the power of Facebook and Google, will actually help the digital duopoly (as insiders call it) further cement its stranglehold on the industry. The argument is Facebook and Google have so embedded themselves into people’s daily lives that users will have no choice to but agree to the two companies’ data-collection policies. Up-and-coming companies, however, will have a tougher time convincing new customers to make similar agreements.

That said, Facebook and Google are already facing GDPR lawsuits that could cost them nearly 4 billion euro.

Each.

Why does Europe tend to care so much more about this kinda stuff?

World War II.

No, seriously, World War II.

Nazism and all of its fascist machinations — warrantless domestic surveillance, secret police corps, restricting freedoms, rounding up and slaughtering dissidents by the millions — has instilled in Europeans a deep-seated skepticism toward powerful institutions, especially ones that widely and indiscriminately collect people’s personal information. Tech companies in particular have a bad rep there due to the role tech played in the Holocaust. IBM, for instance, provided the Third Reich with the punch-card technology Nazis used to keep track of the millions of Jews it transported to concentration camps during the war.

Of course, not all Europeans feel similarly about online data privacy. Surveys show people in Western European countries — including, ironically, Germany — tend to be more willing to give up their personal information in exchange for free, ad-supported content.

Again, what does this have to do with the U.S.?

Remember that brief moment last month when everyone in the U.S. suddenly cared about data privacy following the Facebook-Cambridge Analytica data-breach scandal?

Probably not! It feels like ages ago in this simulated hellscape we’re living in.

Anyway, many Americans are looking to GDPR as a potential model for regulating data privacy here at home. Whether that will ever happen remains to be seen, though. As noted above, Europeans are far more sensitive about this stuff than Americans. All the worries about Facebook, for instance, seem to have blown over already, with the company’s stock price rebounding to where it was before the scandal broke. (Full disclosure: I bought a not-insignificant amount of Facebook stock when it dropped, that’s how confident I was that these privacy concerns would be quickly forgotten.)

So to answer your question, GDPR doesn’t have much of an effect of your day-to-day to life. You’ll probably continue ignoring privacy policies and nonchalantly consenting to having your data tracked. And the best proof of this blasé attitude are all the tired jokes being made about it.