Join the IMPACT coaches for a deep dive on a new topic every month in our free virtual event series.

Register Here

Join the IMPACT coaches for a deep dive on a new topic every month in our free virtual event series.
Register Here
The Ultimate Inbound Marketing Strategy Playbook 2022

Take your inbound strategy to the next level

  • Master the 7 principles of highly effective inbound marketing
  • Dramatically improve your inbound sales
  • Get more buy-in at your company

What Should I Do With All These Privacy Policy Emails?

By Kate Fodera

What Should I Do With All These Privacy Policy Emails?

Your inbox is a sacred place but, if you’re like the rest of us, last week, it was infiltrated by an onslaught of “privacy policy” emails from companies.

The emails likely came from companies you’ve purchased products/services from online or you’ve submitted your email address to subscribe to a newsletter.

Or, if you’re like me, companies you engaged with eons ago and then promptly forgot existed…

 Join the IMPACT coaches for a deep dive on a new topic every month in our free virtual event series.

What? I’m a sucker for a ‘Sign up and receive 10% off!’ deal.

So, why are they emailing you now?
Well, on May 25th, the General Data Protection Regulation (GDPR) law officially came into effect, so it was time for companies to take action in order to be compliant.

But before we dive into what you can (and possibly should) do about these emails, let’s back up a second…

What is The General Data Protection Regulation (GDPR)?

Put simply, the General Data Protection law is the most recent in a chain of EU parliamentary measures designed to put the highest levels of protection around personal data.

From its charter: “The protection of natural persons in relation to the processing of personal data is a fundamental right”and this isn’t a big surprise for Europe as they’re focused more on the “consumer-first” point of view while American laws and regulations tend to favor business.

There are actually six different ways that companies can legally justify using personal data:

  1. With the individual’s unambiguous consent
    1. a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of their personal data, either by means of a statement or by a clear affirmative action.”
  2. Contractual obligation
    1. A common example of this would be processing an employee’s name, surname, and photograph to produce a company identification badge.
  3. In the legitimate interest of the data controller
  4. In the vital interests of the data subject
    1. Recital 46 gives examples of vital interests and public interest as those which require processing for humanitarian purposes (to control epidemics, for example) and situations of humanitarian emergencies, in particular in situations of natural and man-made disasters.
  5. In the public interest
    1. For example, schools may obtain a central sex offenders’ registry clearance certificate, which is required for everyone who works with minors.
  6. In compliance with legal obligations
    1. Some companies are required to preserve data and documents for a period of 5 years in compliance with Article 25 of Law 34/2002, of 11 July, on information society and e-commerce services.

Psst… if you’d like to know more about GDPR and how it affects HubSpot Marketers, definitely check out this our blog post, “May or Bust: Your Essential Guide to GDPR Prep for HubSpot Marketers.

But this blog post isn’t about GDPR, it’s about those dang emails.

So, Why The Privacy Policy Emails?

Now that companies are becoming GDPR compliant, it’s their responsibility to reach out to you if they’re unsure if they properly received consent from you and it’s not just the responsibility of companies located in the EU to reach out.

In fact, GDPR requires all companies who may have global customers need to confirm consent.

Personally, I love the way that this aggressive inbox tap on the shoulder has been explained by Tiffany Li, a resident fellow at Yale Law School’s Information Society Project and former in-house counsel for for the coding education startup General Assembly:

“I love the subject lines like ‘Please don’t leave us,’ ‘We value you,’” she says.

“The companies reaching out are like a bad boyfriend: They want you to stay, but they know they did something wrong.”

So, sure. It’s great that companies are reaching out and asking us to stick around but for other companies (we can think of them as ‘The Bad Boy Boyfriends’) who have avoided compliance, they’re getting hit hard right now.

Both Facebook and Google were hit with lawsuits on May 25th.

The complaint against Facebook was filed with Austrian data regulators, Google with French regulators, WhatsApp with German regulators, and Instagram with Belgian regulators as soon as the law went into effect at midnight.

The lawsuits, which seek to fine Facebook 3.9 billion and Google 3.7 billion euro (roughly $8.8 billion in dollars), were filed by Austrian privacy activist Max Schrems, a longtime critic of the companies’ data collection practices.

Those fines have got to hurt, however, it’s worth noting that both companies have publicly argued that existing measures were adequate to meet GDPR requirements.

So What Do I Need to Do With All These Privacy Policy Emails?

While it may be tempting to immediately delete the privacy policy emails t flooding your inbox, I want to ask you to hold on and think about it before you do that.

These companies are reaching out because they have some sort of personal data stored for you.  

It’s a great opportunity to ‘break up’ with those companies who you no longer want to be linked to.

Unsubscribe to email lists and close accounts with companies who you no longer shop with (or use - I’m looking at you Ello) and make sure you know and are comfortable with those people you don’t.

If you’re too slammed right now but understand the need to really look through these account and companies, consider creating an email folder for all of these emails.

You can go through that folder on the weekend or during the evening hours when you have some time.

It’s also a great time to really dive into how companies have updated their Privacy Policy to be compliant.

Many of the emails I’ve read explain that they’ve added additional information and transparency to their policies.

And, in the spirit of being transparent with the new compliance, companies have also made it very clear in these emails whether or not you need to take any sort of action and if so, what to do to make sure you’re comfortable. 

Indeed, for example, let me know that there wasn’t any further action I needed to take upon receiving the email - “By continuing to use our services, you agree to the updated terms.”  

Screen Shot 2018-05-29 at 2.47.13 PM

Ommwriter made it easy for me to unsubscribe if I no longer wanted to receive their emails by clicking a bold link under the signature and Medium actually suggested that users reach out via email with their feedback if we were unsure or unclear as to what it means for users of the site. That’s a nice personal touch.

Screen Shot 2018-05-29 at 2.47.49 PM

But, of Course That Doesn’t Stop the Internet From Cracking Jokes

Okay, I won’t spend a lot of time on this section but come on… the following are too good not to acknowledge…

Star Wars: The Last Jedi director Rian Johnson:

Screen Shot 2018-05-29 at 1.54.11 PM

Writer, director and comedian Zack Bornstein:

Screen Shot 2018-05-29 at 1.55.04 PM

Web-video Producer Marques Brownlee:

Screen Shot 2018-05-29 at 1.56.19 PM

At the end of the day, my recommendation is to read everything -- or at least skim it.

By taking stock in what companies have your information, and then either unsubscribing or staying connected, you’ll be smarter and more aware of who knows what, lower the risk of your data being compromised, and also
play a more active role in the experience/service you receive from these brands.

Consider this your opportunity to either break up with and stay in engaged in your corporate relationships.

Join the IMPACT coaches for a deep dive on a new topic every month in our free virtual event series.


Data Security
Published on May 30, 2018

Recent Articles

The 4 Top Business Analytics Platforms for Data-Hungry Organizations
June 20, 2022 • 6 min read
HubSpot and Data Privacy: How to Collect Contacts the Right Way
October 4, 2021 • 4 min read
Google: 'Here's how to prepare for the future private web'
July 16, 2021 • 4 min read
Apple Mail privacy news spooks email marketers, newsletter creators
June 16, 2021 • 4 min read
Virginia Consumer Data Protection Act (VCDPA) is now law, but so what?
March 8, 2021 • 3 min read
Your visitors will see your forms aren't secure with new Google update
August 27, 2020 • 2 min read
EU: Google Analytics, Facebook Connect use could warrant legal action
August 24, 2020 • 3 min read
Apple's privacy update: What does it mean for your mobile ad strategy?
July 24, 2020 • 2 min read
Data privacy update: How the CCPA affects you and your paid advertising
July 15, 2020 • 4 min read
GoDaddy vs. WP Engine: How they compare when your website gets hacked
July 2, 2020 • 6 min read
If COVID-19 forced your business online, you need to update your privacy policy
July 2, 2020 • 8 min read
Google releases new security and privacy controls for Chrome users
May 29, 2020 • 3 min read
Google's new third-party cookie update to roll out with Chrome 80
February 12, 2020 • 2 min read
How to secure your website: 5 tips for every business website
February 11, 2020 • 5 min read
Why do regular backups of your website matter?
December 23, 2019 • 6 min read
IAB releases CCPA compliance framework ahead of Jan. 1 rollout
December 11, 2019 • 3 min read
Data security: Should you trust an agency with the 'keys' to your website?
November 28, 2019 • 4 min read
Microsoft extends CCPA privacy protections beyond California
November 15, 2019 • 3 min read
What should you do when your website gets hacked?
October 22, 2019 • 8 min read
Is Apple's iOS 13 hindering location-based marketing?
October 10, 2019 • 3 min read
Leading American Business Executives Urge Congress to Pass Federal Data Privacy Law
September 13, 2019 • 2 min read
The Fall of Nacho Analytics: Important Lessons for Site Owners
August 19, 2019 • 5 min read
The Future of Internet Passwords & What "WebAuthn" Means For Businesses
March 6, 2019 • 3 min read
Google’s $57 Million Fine Reminds Businesses and Marketers GDPR in Full Effect
January 24, 2019 • 2 min read
NAACP's #LogOutFacebook Protest Uncovers A Whole New Danger of Data Misuse
December 19, 2018 • 3 min read