You've probably noticed emails about companies' privacy policy changes arriving in your inbox. It's less likely you've read them—though it's important you do, says lawyer Mona Ibrahim. Writing at Polygon, Ibrahim notes the emails may be "asking permission to do and track a lot of different things" in line with a new set of privacy rules in the European Union. Though the General Data Protection Regulation is "a good thing" meant to make data collection and sharing more transparent, it's also new and confusing, especially for users outside of the EU, Ibrahim writes. These users stand to benefit as "many companies are implementing compliance and enforcement strategies that apply to all end users." But "you will have to navigate the company's (new) privacy policy to determine if these rights apply to you."
If they do, you can request and review your data, including who has access to it and how it's protected. And in many cases, you'll be able to restrict data or request it be deleted as you see fit. That's because the GDPR requires user consent when a company doesn't have another legal basis for collecting data. And blanket agreements won't cut it since "consent must be specific, concise, easy to understand, and freely given." Taking action may not only help you now, but in the long run "in determining the shape this law eventually takes," Ibrahim adds. "As you, the consumer, communicate your requests concerning data collection and how you want those requests serviced, companies will implement new strategies to ensure they don't lose your business." Her very thorough article includes tips on how to get started. (More privacy laws stories.)