The list of updated privacy policies in my inbox goes on and on -- and if you've signed up for any online service in the last decade, these emails are most likely in your inbox, too.
The data privacy law, which passed in 2016, allowed two years for companies to whip themselves into shape. Even with all that time to make their adjustments and notify users, the majority of these emails came in the run-up to Friday, the GDPR's deadline.
The crux of the new privacy policies follows the same idea: GDPR now requires companies to explicitly ask to collect your data and allow you to delete any information they collect on you.
So, with this rush of new legalese storming everyone's inboxes, we need to ask an important question: Is anyone actually reading this?
And even though the GDPR now requires privacy policies to be written in "clear and plain language," as it turns out, they've gotten even more complicated.
The Wall Street Journal discovered that privacy policies for Google, Facebook, Twitter, Instagram and LinkedIn all actually became lengthier in their GDPR-compliant updates. Experts told The Washington Post these changes would likely make privacy policies more complicated, despite the EU's regulations.
A reason these updated policies are much longer than their predecessors could be that companies have been rushing to meet the deadline, said Adrienne Ehrhardt, a partner at the law firm Michael Best, which is focused on privacy and cybersecurity.
"So, understandably, the approach may be to put in all the required information, and being transparent may equate to overinforming, which leads to very long privacy notices," she said.
It's been a rough few months for online privacy. Maybe you saw how Facebook CEO Mark Zuckerberg had to endure 10 hours of grilling by members of Congress last month, or caught his awkward moments in the EU Parliament earlier this week. That was all because of the Cambridge Analytica scandal that came to light in March: In a nutshell, the personal data of 87 million Facebook users got shared when it shouldn't have.
Zuckerberg took a stab, at least, at telling EU lawmakers how Facebook would comply with the GDPR.
Facebook isn't alone, of course. A privacy advocacy group in the UK sued Google for $4.3 billion over collecting browser data without people's consent -- the data harvesting happened from 2011 to 2012, but the lawsuit just went to trial on May 21.
But back to you and those privacy notices.
"Let's be honest, few Americans can decipher or understand what this contract means," Sen. Kamala Harris, a Democrat from California, said during a May 16 Senate hearing with Cambridge Analytica's whistleblower Christopher Wylie.
With that in mind, experts are skeptical that anyone is really taking the time to dig through all these updates.
If you do skip these updated privacy policies though, you'd be unaware of all the new data protections that GDPR gives. Here's a quick cheat sheet. You're now able to:
- Ask a website to delete data that it holds on you
- Download all the data that a company has stored on you
- Find out how that company is using your data
Any firm that doesn't comply could face fines of up to 4 percent of its global profits.
"We have seen examples of people using social media to highlight companies with inappropriate privacy policies," he said.
"I think the biggest value is a sense of confidence that they'll have a recourse should they need it," Charlton said.
While he has faith that these updated policies are protecting people, he's skeptical people are looking through the fine print.
"There have been a slew of new user agreements in the past few days, and I'm curious who's reading all of these updates."
'Hello, humans': Google's Duplex could make Assistant the most lifelike AI yet.
Cambridge Analytica: Everything you need to know about Facebook's data mining scandal.