There’s a reason you’ve been getting a lot of emails recently about updated privacy policies—the European Union’s General Data Protection Regulation goes into effect on May 25. The new law requires companies that do business with users within the European Union's 28 countries to be more transparent about how they collect and use customers' information. That means that as a consumer, you should have more control over, or at least be able to better understand, your privacy.
Still, let’s face it—privacy policies are boring. They’re full of legal jargon, they're often complex, and the information they contain likely won’t stop you from using a service you need or purchasing a product you want. Most people don’t even read privacy policies, and research suggests that at least half of us don’t fully grasp their purpose.
1. “INFORMATION WE COLLECT” OR “INFORMATION YOU GIVE US”
For as long as you've been using the internet, you’ve likely been giving your personal information to dozens of websites that required you to create accounts to access services or make purchases.
This could include everything from your name and date of birth to your social security number. Any data, even information you consider “non-sensitive” (for example, your email address may seem innocuous compared to your credit card numbers) can be used to connect the dots and create a detailed digital profile.
Some of this information you provide actively and voluntarily, but much of it you may not be able to control. For example, Facebook collects information about you from other users. You also give up billing details and data about your connected devices (IP address and geographic location, for example), which you may not realize you are granting Facebook permission to view and use. We unknowingly provide lots of personal information to our internet service providers (ISPs)—and would-be hackers—with many of our regular internet browsing habits.
If a login isn’t required or you aren’t making a purchase, websites still collect data using cookies—little bits of text that help the site identify you. Cookies are the reason you are targeted with certain ads and can stay logged in as you navigate around a site. While you can disable cookies in your browser, this will limit your ability to fully use many websites.
3. “INFORMATION SECURITY”
This is another vague area in many policies. Facebook and Amazon both share data with a number of third parties, including customer service providers and third-party apps you connect to your Facebook account. Companies may also share non-identifying information—data that cannot be traced back to you as an individual. While third-party sharing should not necessarily stop you from using a website, you should be aware of who else is receiving information about you and whether you can opt out.
“Medical-related information is prized,” she says. “Any kind of health-related data can be used to make important decisions about our lives.”
5. “AFFILIATED BUSINESSES”
Facebook.com isn’t the only website owned by the bigger Facebook company, which may share your data with WhatsApp and several other platforms that the larger company also owns. Many companies provide your personal information to affiliated businesses—Amazon works with Marketplace sellers and companies like Starbucks and Verizon, for example. While this isn’t necessarily a dealbreaker, Dixon says that, like with third-party sharing, you should scan for where and how your data is being shared or combined and have the chance to opt out.
6. “COMBINE DATA” or “DATA BROKER”
Data brokers collect, compile, and sell personal information—from your name and email address to the websites you visit and your search history. Companies purchase this data to create a more complete profile about you, which is then used to target you with specific products or services or even determine how much your health insurance should cost. Dixon says this can have consequences on everything from education to employment opportunities and opens the door for your information to be compromised in data breaches.
7. “OPT IN” VS. “OPT OUT”—“WHAT CHOICES DO I HAVE?”
Check privacy policies for how much control you have over your own information. Many will have sections that outline what choices you have and how you can opt in to or out of certain data collection and sharing practices, similar to opting out of email communication.
For example, Amazon’s policy includes a link to update your user communication and advertising preferences, but it does acknowledge that you can’t access, update, or delete everything and notes that the company keeps copies of prior data even after you make changes. Google requires users to opt in to any sharing of sensitive personal information and allows you to opt out of advertising services, choose what data is saved in your account, and remove some information from Google services.
Following the Cambridge Analytica controversy, Facebook recently announced that it is updating its data policies to give users more opportunities to actively choose how their data is collected, stored, and shared.
Another important thing to ask: What happens to my information over time? Facebook stores your data for “as long as necessary” to provide you with products and services, but information will be deleted once you delete your account. Even if you get rid of certain accounts, however, your data may live on a company’s servers for longer. For example, Google’s policy says that they may not “immediately delete residual copies” or remove information from backup servers.
9. "CONTACT US"
Companies should offer a way to get in touch. In fact, Dixon recommends reaching out to companies directly and asking these questions about their privacy practices. As a consumer, you have the right to understand how your personal information is used as well as the right to opt out of any data sharing—and now is the time to demand that companies collect and secure our data responsibly.