Cookie banner

This site uses cookies. Select "Block all non-essential cookies" to only allow cookies necessary to display content and enable core site features. Select "Accept all cookies" to also personalize your experience on the site with ads and partner content tailored to your interests, and to allow us to measure the effectiveness of our service.

To learn more, review our Cookie Policy, Privacy Notice and Terms of Use.

clock menu more-arrow no yes mobile

Filed under:

Why Are All These Brands Emailing You About Their Privacy Policies?

New, 2 comments

The European Union’s General Data Protection Regulation, basically.

A young woman looks at her computer with an expression of exhaustion.
“When did I sign up for GoDaddy?”
Photo: Portishead1/Getty Images

Racked is no longer publishing. Thank you to everyone who read our work over the years. The archives will remain available here; for new stories, head over to, where our staff is covering consumer culture for The Goods by Vox. You can also see what we’re up to by signing up here.

One of the consequences of being an avid online shopper is that you wind up giving out your email address with abandon. Random secondhand site I found on Instagram? Have a Gmail! Big clothing chain that has a store within easy subway distance of my office? Find me online!

Much like the former love interest who hits you up twice a year to “say hello,” brands have been emerging from the woodwork over the past few weeks to share updates about their privacy policies. That’s because of the European Union’s General Data Protection Regulation (GDPR), which goes into effect on Friday, May 25.

The GDPR, which the EU Parliament approved in 2016 after four years of debate, aims to create transparency between companies and the users whose data they collect. Under this law, the former need to clearly explain to people why they’re gathering their data, how long it will be kept for, and what other parties might receive it. Those are just a few of the requirements.

This holds true even for companies that aren’t based in Europe if they process EU citizens’ information, which is why people on this side of the pond are receiving messages about it too.

Thus, many companies have been emailing users about their privacy policy updates. Some of these are wholly unsurprising — ahem, Facebook — but for more than a few people in the Racked office, our inboxes are galleries of companies we forgot we gave our information to, like Everlane, Resy, eBay, Spotify, Etsy, Marriott, Kickstarter, and GoDaddy.

It’s a sobering experience. If you’d asked me whether eBay had my information, I’d say ... probably? But if you’d asked for a complete list of brands that have my information, no way could I generate that for you. I’m diligent about unsubscribing to promotional emails when I buy something online, but getting these privacy policy updates is a reminder that even if you uncheck that box, the brand still knows who you are.

If you’re wondering why _________ hasn’t sent you an email about your data, well, a lot of companies still aren’t prepared to meet the GDPR deadline.

Also, while you’re at it, tell us your email!