In case you haven’t opened your email within a couple of weeks, almost everyone around the world has been receiving privacy policy updates from multiple websites and apps.

What is it all about?

Simple put, the privacy policy updates were done in compliance with the European Union (EU)’s General Data Protection Regulation, or GDPR. This was put into full effect just this May 25. This basically stated that:

1. Companies need to be transparent with how the collect data from users, and they now need to actually be explicit in their data collection requests
2. Users should have the capability to access, manage, or delete their own data
3. Companies are also given three days to let users know if there have been data breaches or hacks.

This policy actually covers countries that have transactions with ANYONE in in the 28 EU states. In effect, almost all major companies in the world are affected, since there MIGHT be at least 1 user from an EU state doing transactions with the company. Thus, almost all companies sent out their privacy policy updates via a lot of pesky emails.

Why did they do this??

Facebook was recently embroiled in the Cambridge Analytica Scandal concerning data collection of up to 87 million facebook users, to create targeted ads, and was particularly a hot topic because it involved influencing voter’s decisions during the 2016 US Elections. Thus, the EU came up with new rules to protect their citizens from data leaks. Any company which will violate the GDPR will incur a hefty fine of up to 4% of global revenue.

What do I need to do??

At least read the emails! Here’s what Google stated in their privacy policy update, it’s short, and very specific on what they actually changed:

In addition, it’s high time to think of more ways of making your online accounts more secure. Some suggestions are to

1. Remove autofills
2. Schedule to change passwords regularly
3. Turn on two step verification, and
4. READ website policies before submitting any personal information.

Is that it??

In the Philippines, we also have the Data Privacy Act of 2012. This also in effect requires companies to comply with specific data privacy requirements stated in the provisions. This states a lot of [ideal] stuff, but basically also means that companies need to be very specific with how the collect data, what specific data they collect, and how this data is stored and secured. Though most of these imply added security for consumers, most data are still very prone to leaks and hacks. Some local banks have reported getting attacks almost everyday.

Nonetheless, be very careful where you store any sensitive information, as technology has made it easier for other parties to get hold of your personal data and use it in many ways. If you can, rethink how you securely you store passwords, private photos and important documents on the internet.