Email Unsubscription Service Unroll.me To Close To EU Users Saying it Can't Comply With GDPR (techcrunch.com) 76
Unroll.me, a company that has, for years, used the premise useful "email unsubscription" service to gain access to people's email inboxes in order to data-mine the contents for competitive intelligence -- and controversially flog the gleaned commercial insights to the likes of Uber -- is to stop serving users in Europe ahead of a new data protection enforcement regime incoming under GDPR, which applies from May 25. From a report: In a section on its website about the regional service shutdown, the company writes that "unfortunately we can no longer support users from the EU as of the 23rd of May," before asking whether a visitor lives in the EU or not. Clicking 'no' doesn't seem to do anything but clicking 'yes' brings up another info screen where Unroll.me writes that this is its "last month in the EU" -- because it says it will be unable to comply with "all GDPR requirements" (although it does not specify which portions of the regulation it cannot comply with).
One down... (Score:5, Insightful)
One useless parasite down. That's a start.
Go, GDPR!
Re:One down... (Score:5, Interesting)
Re: (Score:2)
Big surprise? (Score:5, Insightful)
How can anyone be surprised that a company with full access to someone's email misuses the information they receive.
Why is anyone still using the service after they got caught lying?
Re: (Score:2, Insightful)
People do care about lying. But what choice did we have when the other candidate was an even BIGGER liar?
Re: (Score:2, Funny)
Huh?!? What did Gary Johnson lie about?
Re: (Score:2)
There we go with the lies again.
Re: (Score:2)
Not always. They never reveal the truth, but some are clever enough to say only technically true statements in ways that will cause you to believe as they intend. Not that I've run across one recently.
Re: (Score:2)
Bill Clinton was caught lying. Under oath. He was even impeached for it.
Yet he remained in office.
Re:Big surprise? (Score:5, Informative)
Why is anyone still using the service after they got caught lying?
I didn't see any mention of Unroll.me lying to their customers. They are a free service, so they are going to make money off of their customers' data. If you are curious about how, you go read their Terms of Use and Privacy Policy. This is from their Privacy Policy before details of their business model went public:
We also collect non-personal information - data in a form that does not permit direct association with any specific individual ... For example, when you use our services, we may collect data from and about the "commercial electronic mail messages" and "transactional or relationship messages" (as such terms are defined in the CAN-SPAM Act (15 U.S.C. 7702 et. seq.) that are sent to your email accounts.
This clearly states they will look at advertisements (commercial electronic mail message) and receipts / order updates ("transactional or relationship messages) in your inbox in order collect data to sell to 3rd parties. So where were they lying? You may not like their business model but don't accuse them of doing things they didn't do.
Re: (Score:1)
I present to you a visual guide of how hard it is to read all the T&Cs today
https://i.imgur.com/5LphAGP.jpg
Re: (Score:2)
I present to you a visual guide of how hard it is to read all the T&Cs today
https://i.imgur.com/5LphAGP.jpg
I doubt that is an image of Unroll.me's privacy policy, since their document is about 6 pages long with significant white space and a Calibri 11 point font. Page 1 has their policy on collection of personal information, and page 2 has the text I listed above. If you actually care about how they collect your data, you can find everything you want under the headers Our Collection and Use of Personal Information and Our Collection and Use of Non-Personal Information, which are both about a page long.
Re: (Score:2)
That clearly says they will collect non-personal information. It says nothing about how they will use or disclose (i.e. sell) that information.
I would hope that would be obvious, but since you think it isn't here is some information from the very next paragraph of their privacy policy:
We may collect and use your commercial transactional messages and associated data to build anonymous market research products and services with trusted business partners. If we combine non-personal information with personal information, the combined information will be treated as personal information for as long as it remains combined.
Re: (Score:2)
I'm genuinely curious as to whether you read and comprehend all the privacy policies that are presented to you on the internet for every site that you interact with... and whether you think that that can be a reasonable thing to expect people to do.
I mean they are deliberately written to be long and hard to understand https://www.theatlantic.com/te... [theatlantic.com]
Re: (Score:2)
I'm genuinely curious as to whether you read and comprehend all the privacy policies that are presented to you on the internet for every site that you interact with... and whether you think that that can be a reasonable thing to expect people to do.
I mean they are deliberately written to be long and hard to understand https://www.theatlantic.com/te... [theatlantic.com]
No, I generally don't read any of them. But without thoroughly reading them you should simply assume all of the data you share can be shared with anyone. You should always assume the first time you type a phone number, address, etc. into a web form it is now public information, just like sending a nude selfie over SMS. Even payment methods such as credit cards are only possible because the card companies cancel / reimburse for fraudulent activity and send new cards, because you would be foolish to assume yo
Re: (Score:2)
Not lying, just obfuscating to the point where they know that the average person won't bother to read the ToS or work out what "transactional or relationship messages" are.
Re: (Score:2)
Not lying, just obfuscating to the point where they know that the average person won't bother to read the ToS or work out what "transactional or relationship messages" are.
Which isn't lying. They offer a free product, so you are the product. That shouldn't be a surprise to anyone.
False advertising (Score:2, Insightful)
Pretending to be a service for unsubscibing, while actually being a data-mining company...
You do realize that false advertising has always been illegal in the EU? Perhaps the real problem is that the fines for false advertising is too low, and the GDPR fines are large enough that companies care about them.
Re: (Score:2)
Is there any reason to doubt that they do both? If they do both, then it's not false advertising. They sell themselves to you based on what you want, and the sell your data to fund themselves.
If so, then while it may be reprehensible, it's not false advertising.
Re: (Score:2)
Pretending to be a service for unsubscibing, while actually being a data-mining company...
You do realize that false advertising has always been illegal in the EU? Perhaps the real problem is that the fines for false advertising is too low, and the GDPR fines are large enough that companies care about them.
Plus data-mining has also been illegal for some 30 years. GDPR is just a minor update of existing rules to enable better enforcement.
Re: (Score:2)
Those kinds of jobs being lost is a gain for humanity.
Re: (Score:2)
Subjective opinion, not a fact. I have no idea if it is a net gain or loss to humanity, but I suspect it is a loss, due to the totalitarian fascist nature of the law. The problem with Freedom is it is messy.
Re: (Score:3)
Protecting privacy is fascist, war is peace, freedom is slavery, ignorance is strength...
Re: (Score:2)
Privacy is an illusion.
If you really want to be "private", hole up in a cave away from anyone so that nobody knows anything about you. Other than that, your privacy is subject to everyone you interact with. Ask any private detective how much information they can gather on someone just by watching their every move. Privacy is an assumption , and an illusion.
Re: (Score:2)
Safety is an illusion, why do you wear a seatbelt?
Re: (Score:2)
You might want to go to your safe space and play with crayons.
Re: (Score:2)
Would somebody please think of the KZ-Guards...
By can't, they mean don't want to (Score:5, Insightful)
access to people's email inboxes in order to data-mine the contents for competitive intelligence -- and controversially flog the gleaned commercial insights to the likes of Uber
It's almost as if that's exactly the sort of undisclosed behavior the GDPR is designed to combat...
Granted, I suppose my subject is a bit unfair. If violating privacy is your primary business model, I guess "can't" is technically accurate.
Re:By can't, they mean don't want to (Score:4, Funny)
EU should flood them with "right to be forgotten" requests that they have to comply with
Re: (Score:2)
They already said they would delete all EU customer data before the GDPR deadline. So that's not really going to do anything.
Re: (Score:2)
talk and action are two different things; that is not an easy feat
Re: (Score:2)
Uber is required to delete that data now, with no action required on our part.
This law is fucking great.
Re: (Score:1)
There is always the GDPR letter from Hell [linkedin.com] that you can send them.
Re: (Score:2)
It's almost as if [access to people's email inboxes in order to data-mine the contents for competitive intelligence is] exactly the sort of undisclosed behavior the GDPR is designed to combat...
I don't think it is. The GDPR is specifically interested in personal information, not non-personal information such as commercial or transactional messages. As long as the data is sufficiently anonymized (something I'm sure the courts will further define over the next decade or so) I would think companies like Unroll.me could continue that part of their business model even with the GDPR.
There are likely other aspects of Unroll.me's business model which are causing them to cut off EU customers, not their pra
Re: (Score:2)
While I wouldn't doubt there are unfortunate facets of their business model that have not come to light, it could also be that avoiding the burden of having to reply to GPDR requesst is worth losing the market, even if you could give replies above board.
Re: (Score:2)
The focus of the GDPR is the need to inform the user and to allow them to control the use of their personal information, making undisclosed data collection and/or usage a primary target for the legislation. Thus this (I'm going by the summary here, I don't know anything about unroll.me) would be exactly the type of behavior it's designed to prevent. In other words, I strongly believe you are objectively wrong.
It is possible that they could keep going if they informed the user properly and made everything op
Which part (Score:3)
To reiterate: GDPR good. Unrollme bad. *massages temples* I chose this life. I chose this life.
This is the price Europeans must pay (Score:2)
Mandating personal privacy has cost you free shitty email service.
quo nullum argumentum (Score:2)
Si pecuniam haberem, panem emerem.
(est aliqualiter rationem)
GDPR is great ! (Score:4, Interesting)
Good. (Score:2)
Re: (Score:2)
Note that I'm not particularly enthusiastic about unroll.me's model or particularly trusting in their intent, but broadly speaking even if they can justify processing the data, the effort associated with auditing and proving their intent and risk according to the specific terms of GPDR could still be considered too much a burden to be worth it.
That's generally the issue with many regulations. They mean well and there is a definite need for some regulation to serve the purpose, but often they are structured
Is it just me (Score:2)
Re: (Score:2)
I think the goal is admirable, but reading the 'nightmare GPDR letter' highlights that doing things above board is good and required, but it also requires all good actors to respond to some potentially detailed inquiries. This includes both generic information about where and how data about the user is stored (which shouldn't be too much of a burden) to the specific unique details to a specific individual's data. This either means manual effort and/or creating specialized reporting to react to GPDR reques
Re: (Score:2)
Laws and regulations can be good or bad. A lot of people think that the GDPR is a good law, and that it improves the world. That doesn't mean its supports want arbitrary more laws beyond that.
Re: (Score:2)
Re: (Score:2)
The law has been in effect for a little over 30 years now, and not caused any troubles. The GDPR is only an update of the enforcement. It is the very same set of laws that forced Facebook to not merge data it bought from WhatsApp, and forced Google to not merge Youtube and Google Plus accounts.
Re: (Score:1)
This is about giving business less control over people by giving people more control over how businesses (and governments) process their data. That is a good thing.
EU and "consumer protection laws" (Score:2)
I am a huge fan of the EU. Not only because it's a bringing prosperity to my city (Brussels), is a net contributor to local and world peace, allows me to travel and pay more easily in a territory 50x as large as my own country, the Microsoft and Google lawsuits and many more reasons, but I truly despise the way they design the consumer protection laws.
Instead of punishing technology's abuses, they are really trying to make people's lives miserable.
Visiting a web site ? half of your screen is covered by the
Backup (Score:2)
Honest question. How are folks implementing backups that comply with GDPR? Seems there would be some cases where you couldn't backup data on a per-user basis. Mutable backups just seem totally wrong.
A lot of GDPR is clearly well thought out and easy to design too as a result. Migrating a non-GDPR based design could be a pain. But the requirements to be able discard backups in a month seems like it could be tricky in certain cases without compromising backup integrity.