You have no doubt received a glut of emails over the past week from service providers and companies you’ve done business with. These emails are informing you of changes to their terms and conditions.
(“Who actually reads these,” you wonder. “Meeeeeeee!” shouts the digital law specialist.)
Speaking for myself, I received three in a matter of hours:
So what’s going on here?
The main issue here is compliance with the EU-US Privacy Shield Framework.
When you use the services you’ve received these emails from, your data is sent outside the EU to the US, either for web hosting or marketing purposes. The US does not have a data protection or privacy regime like Europe does, which could make your data fair game for anything. For that reason, companies from outside Europe who do business here must certify that they have data protection procedures in place that are equal and adequate to EU data protection standards. That certification process is called Privacy Shield.
You are receiving emails about it now because Privacy Shield only started up on 1 August. It replaced a previous EU-US data protection agreement, the Safe Harbor scheme, which was invalidated last year by the European Court of Justice. (Why? Snowden.)
Privacy Shield certification, like the data protection principles behind it, is not an overnight, tick-box, automated process. It takes a few weeks to put principles and procedures in place, get systems up and running, and then enter the certification process itself. Those companies that immediately entered the Privacy Shield system are only now being certified.
Hence the emails.
And, as you can see from the Mailchimp and Twitter emails, many providers are using their Privacy Shield compliance announcements as an opportunity to tidy up other terms, conditions, and privacy policies as well.
You may find these emails annoying, but the companies sending them are legally required to inform you of these changes.
Believe me, you would be more annoyed if they didn’t tell you at all.