In the past months you may have noticed pop-up messages from websites informing you of an update in their privacy policy or asking if you understand that the company is using cookies to collect data about you. The increased disclosure is likely the result of a new law in Europe in effect since May 25: the General Data Protection Regulation. Researchers from the U-M School of Information and Ruhr-Universität Bochum who studied the impact of the regulation have seen use of these cookie notices skyrocket in 28 European Union member states.
They say that many of these notices, however, don’t meet legal requirements. Also, some global enterprises are displaying these privacy notices only to users in the EU states where the new law is in place. For example, WashingtonPost.com created a special ‘tracking-free’ subscription option for European readers, and Netflix lets European users disable targeted ads—both options that are not available to users based in the U.S. Florian Schaub, U-M assistant professor of information and of electrical engineering and computer science, says: “The bottom line is that without regulation companies in the United States are not likely to give more privacy choice to customers, so many will find ways to adapt their sites to comply where they must but continue to operate business as usual elsewhere.”