Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Privacy Businesses EU

Email Unsubscription Service Unroll.me To Close To EU Users Saying it Can't Comply With GDPR (techcrunch.com) 76

Unroll.me, a company that has, for years, used the premise useful "email unsubscription" service to gain access to people's email inboxes in order to data-mine the contents for competitive intelligence -- and controversially flog the gleaned commercial insights to the likes of Uber -- is to stop serving users in Europe ahead of a new data protection enforcement regime incoming under GDPR, which applies from May 25. From a report: In a section on its website about the regional service shutdown, the company writes that "unfortunately we can no longer support users from the EU as of the 23rd of May," before asking whether a visitor lives in the EU or not. Clicking 'no' doesn't seem to do anything but clicking 'yes' brings up another info screen where Unroll.me writes that this is its "last month in the EU" -- because it says it will be unable to comply with "all GDPR requirements" (although it does not specify which portions of the regulation it cannot comply with).
This discussion has been archived. No new comments can be posted.

Email Unsubscription Service Unroll.me To Close To EU Users Saying it Can't Comply With GDPR

Comments Filter:
  • One down... (Score:5, Insightful)

    by Joce640k ( 829181 ) on Monday May 07, 2018 @09:10AM (#56566396) Homepage

    One useless parasite down. That's a start.

    Go, GDPR!

  • Big surprise? (Score:5, Insightful)

    by nitehawk214 ( 222219 ) on Monday May 07, 2018 @09:13AM (#56566404)

    How can anyone be surprised that a company with full access to someone's email misuses the information they receive.

    Why is anyone still using the service after they got caught lying?

    • Re:Big surprise? (Score:5, Informative)

      by ranton ( 36917 ) on Monday May 07, 2018 @09:31AM (#56566522)

      Why is anyone still using the service after they got caught lying?

      I didn't see any mention of Unroll.me lying to their customers. They are a free service, so they are going to make money off of their customers' data. If you are curious about how, you go read their Terms of Use and Privacy Policy. This is from their Privacy Policy before details of their business model went public:

      We also collect non-personal information - data in a form that does not permit direct association with any specific individual ... For example, when you use our services, we may collect data from and about the "commercial electronic mail messages" and "transactional or relationship messages" (as such terms are defined in the CAN-SPAM Act (15 U.S.C. 7702 et. seq.) that are sent to your email accounts.

      This clearly states they will look at advertisements (commercial electronic mail message) and receipts / order updates ("transactional or relationship messages) in your inbox in order collect data to sell to 3rd parties. So where were they lying? You may not like their business model but don't accuse them of doing things they didn't do.

      • by Anonymous Coward

        I present to you a visual guide of how hard it is to read all the T&Cs today

        https://i.imgur.com/5LphAGP.jpg

        • by ranton ( 36917 )

          I present to you a visual guide of how hard it is to read all the T&Cs today

          https://i.imgur.com/5LphAGP.jpg

          I doubt that is an image of Unroll.me's privacy policy, since their document is about 6 pages long with significant white space and a Calibri 11 point font. Page 1 has their policy on collection of personal information, and page 2 has the text I listed above. If you actually care about how they collect your data, you can find everything you want under the headers Our Collection and Use of Personal Information and Our Collection and Use of Non-Personal Information, which are both about a page long.

      • I'm genuinely curious as to whether you read and comprehend all the privacy policies that are presented to you on the internet for every site that you interact with... and whether you think that that can be a reasonable thing to expect people to do.

        I mean they are deliberately written to be long and hard to understand https://www.theatlantic.com/te... [theatlantic.com]

        • by ranton ( 36917 )

          I'm genuinely curious as to whether you read and comprehend all the privacy policies that are presented to you on the internet for every site that you interact with... and whether you think that that can be a reasonable thing to expect people to do.

          I mean they are deliberately written to be long and hard to understand https://www.theatlantic.com/te... [theatlantic.com]

          No, I generally don't read any of them. But without thoroughly reading them you should simply assume all of the data you share can be shared with anyone. You should always assume the first time you type a phone number, address, etc. into a web form it is now public information, just like sending a nude selfie over SMS. Even payment methods such as credit cards are only possible because the card companies cancel / reimburse for fraudulent activity and send new cards, because you would be foolish to assume yo

      • by AmiMoJo ( 196126 )

        Not lying, just obfuscating to the point where they know that the average person won't bother to read the ToS or work out what "transactional or relationship messages" are.

        • by ranton ( 36917 )

          Not lying, just obfuscating to the point where they know that the average person won't bother to read the ToS or work out what "transactional or relationship messages" are.

          Which isn't lying. They offer a free product, so you are the product. That shouldn't be a surprise to anyone.

  • False advertising (Score:2, Insightful)

    by Anonymous Coward

    Pretending to be a service for unsubscibing, while actually being a data-mining company...

    You do realize that false advertising has always been illegal in the EU? Perhaps the real problem is that the fines for false advertising is too low, and the GDPR fines are large enough that companies care about them.

    • by HiThere ( 15173 )

      Is there any reason to doubt that they do both? If they do both, then it's not false advertising. They sell themselves to you based on what you want, and the sell your data to fund themselves.

      If so, then while it may be reprehensible, it's not false advertising.

    • Pretending to be a service for unsubscibing, while actually being a data-mining company...

      You do realize that false advertising has always been illegal in the EU? Perhaps the real problem is that the fines for false advertising is too low, and the GDPR fines are large enough that companies care about them.

      Plus data-mining has also been illegal for some 30 years. GDPR is just a minor update of existing rules to enable better enforcement.

  • by Mascot ( 120795 ) on Monday May 07, 2018 @09:22AM (#56566464)

    access to people's email inboxes in order to data-mine the contents for competitive intelligence -- and controversially flog the gleaned commercial insights to the likes of Uber

    It's almost as if that's exactly the sort of undisclosed behavior the GDPR is designed to combat...

    Granted, I suppose my subject is a bit unfair. If violating privacy is your primary business model, I guess "can't" is technically accurate.

    • by iggymanz ( 596061 ) on Monday May 07, 2018 @09:25AM (#56566484)

      EU should flood them with "right to be forgotten" requests that they have to comply with

      • They already said they would delete all EU customer data before the GDPR deadline. So that's not really going to do anything.

      • by AmiMoJo ( 196126 )

        Uber is required to delete that data now, with no action required on our part.

        This law is fucking great.

    • by Anonymous Coward

      There is always the GDPR letter from Hell [linkedin.com] that you can send them.

    • by ranton ( 36917 )

      It's almost as if [access to people's email inboxes in order to data-mine the contents for competitive intelligence is] exactly the sort of undisclosed behavior the GDPR is designed to combat...

      I don't think it is. The GDPR is specifically interested in personal information, not non-personal information such as commercial or transactional messages. As long as the data is sufficiently anonymized (something I'm sure the courts will further define over the next decade or so) I would think companies like Unroll.me could continue that part of their business model even with the GDPR.

      There are likely other aspects of Unroll.me's business model which are causing them to cut off EU customers, not their pra

      • by Junta ( 36770 )

        While I wouldn't doubt there are unfortunate facets of their business model that have not come to light, it could also be that avoiding the burden of having to reply to GPDR requesst is worth losing the market, even if you could give replies above board.

      • by Mascot ( 120795 )

        The focus of the GDPR is the need to inform the user and to allow them to control the use of their personal information, making undisclosed data collection and/or usage a primary target for the legislation. Thus this (I'm going by the summary here, I don't know anything about unroll.me) would be exactly the type of behavior it's designed to prevent. In other words, I strongly believe you are objectively wrong.

        It is possible that they could keep going if they informed the user properly and made everything op

  • by hattable ( 981637 ) on Monday May 07, 2018 @09:46AM (#56566622) Journal
    Why does it matter which part of the GDPR a company is unable to comply with? Despite how scummy of a company they are, unrollme will not be able to provide services to a large portion of the world. Privacy advocates want it (including myself), and we got it. We don't get to jab our fingers in the wound and blame the company as a way to avoid any potential negative feelings about what has happened.

    To reiterate: GDPR good. Unrollme bad. *massages temples* I chose this life. I chose this life.
  • Mandating personal privacy has cost you free shitty email service.

  • GDPR is great ! (Score:4, Interesting)

    by aepervius ( 535155 ) on Monday May 07, 2018 @10:04AM (#56566754)
    GDPR is like a great filter which tells me who is breaking my privacy and who won't. Say you close off to EU customer because of GDPR ? Great I know you were breaking my privacy and selling my data ! Good riddance !
  • If they can't justify processing my data under any of the numerous and rather broad bases [wikipedia.org], then they don't deserve to get them.
    • by Junta ( 36770 )

      Note that I'm not particularly enthusiastic about unroll.me's model or particularly trusting in their intent, but broadly speaking even if they can justify processing the data, the effort associated with auditing and proving their intent and risk according to the specific terms of GPDR could still be considered too much a burden to be worth it.

      That's generally the issue with many regulations. They mean well and there is a definite need for some regulation to serve the purpose, but often they are structured

  • Or is everyone on this discussion some kind of EU proponent wanting less freedoms and more laws for Internet? It's almost like robot shills. This is giving governments more control over business. This is not a good thing. I'd support a checkmark system like SSL in a browser that let people know if using a service could lead to leak of your information but not this. This just supports Google and Large Co to continue business as usual while killing smaller free service providers aka competition. People are ce
    • Laws and regulations can be good or bad. A lot of people think that the GDPR is a good law, and that it improves the world. That doesn't mean its supports want arbitrary more laws beyond that.

      • by jwymanm ( 627857 )
        But that is guaranteed to come. The internet needs to remain open at all costs. The entire reason it has prospered so well is because of the freedom it had when started. Now you can barely fart wrong on the net and you get taken down across 30 participating countries. CLOUD act basically means you have no rights anymore. EU sues damn near every large company on the Internet. etc
    • The law has been in effect for a little over 30 years now, and not caused any troubles. The GDPR is only an update of the enforcement. It is the very same set of laws that forced Facebook to not merge data it bought from WhatsApp, and forced Google to not merge Youtube and Google Plus accounts.

    • by Anonymous Coward

      This is about giving business less control over people by giving people more control over how businesses (and governments) process their data. That is a good thing.

  • I am a huge fan of the EU. Not only because it's a bringing prosperity to my city (Brussels), is a net contributor to local and world peace, allows me to travel and pay more easily in a territory 50x as large as my own country, the Microsoft and Google lawsuits and many more reasons, but I truly despise the way they design the consumer protection laws.
    Instead of punishing technology's abuses, they are really trying to make people's lives miserable.

    Visiting a web site ? half of your screen is covered by the

  • Honest question. How are folks implementing backups that comply with GDPR? Seems there would be some cases where you couldn't backup data on a per-user basis. Mutable backups just seem totally wrong.

    A lot of GDPR is clearly well thought out and easy to design too as a result. Migrating a non-GDPR based design could be a pain. But the requirements to be able discard backups in a month seems like it could be tricky in certain cases without compromising backup integrity.

"To take a significant step forward, you must make a series of finite improvements." -- Donald J. Atwood, General Motors

Working...