Please Stop Spamming Reviewers’ Inboxes With GDPR Notices, They Mean Nothing

So tomorrow the GDPR privacy protections go into effect in the EU. In reality, this means you need to change your data retention policies and ask for consent, notify people of data breaches and some other stuff. But in most people’s minds, this seems to mean “spam everyone with emails and hope it all works out”.

Now, I’m not in the EU nor a policy maker, so don’t trust me: Go trust The Guardian and their policy experts:

The vast majority of emails flooding inboxes across Europe from companies asking for consent to keep recipients on their mailing list are unnecessary and some may be illegal, privacy experts have said…

(Also almost no one is limiting their spam to Europeans, despite the Guardian’s wording here.)

As a reviewer on dozens of PR listings, I’ve gotten over 100 emails about new privacy policies, “please sign up again”, blah blah blah. I just cleaned out a dozen from my inbox before writing this article.

Odds are, at most 1 in 10 of these emails are even meaningful and less than that were actually necessary. If I opted into your review list, you do not have to email me. If you’re just going to be following the policies you’re…required to follow anyway, you don’t have to email me. Save the emails for PR. That is why I consented to be on your list, not spam about whether I consented to be on your list (goodness the irony).

If you already gathered my consent, there’s almost certainly no need to spam my inbox. Even if you didn’t, there’s various clauses in the policy that allow collection without consent provided it follows the GDPR’s retention/etc policies.

In short, stop emailing me and make sure your actual data policies met GDPR, because that is the only part that ever mattered. This was not supposed to be another EU Cookie Law where no one changes anything but all burdens are passed on to the consumer with a bunch of annoying crap no one reads.

In fact, reading a bit of it, it seems this consumer-side burden was specifically intended to be avoided in the GDPR. What initially appeared to be another Dumb EU Overreaching Law seems to largely be a case of poorly informed people doing basically random things hoping they’ll accidentally comply with it.

Support my guides and articles on Patreon!