What's in Those New Privacy Policies From Companies Like Instagram, LinkedIn?

Social media users in the United States were emailed notices over the last month or so with new detailed "Privacy Policy" and "Terms of Service" agreements from the companies they have accounts with. The new policies are virtually ubiquitous—spanning everything from social sites like Instagram and Snapchat to health apps like Fitbit—alerting customers to the changes in policy.

While the changes coincide with congressional hearings and the backlash Facebook is facing after the Cambridge Analytica hack, they're actually unrelated. The changes go into effect before May 25, when any company operating on the web in a country in the European Union needs to adhere to a new law: the General Data Protection Regulation.

The new law requires that companies provide their users a means to access the data the company has stored on them, and also says that users have the right to ask companies to delete that data.

"Up until now, if a company mishandled user data, privacy enforcement in both the EU and the U.S. often resulted in little more than slaps on the wrist," Alessandro Acquisti, professor of information technology and public policy at Carnegie Mellon University, told Newsweek.

But under the new law, mishandling that data is a more serious offense.

"Under GDPR, fines for violation of privacy requirements can get real," Acquisti said.

To avoid those violations, companies around the world are changing their policies.

"What you are seeing is companies positioning themselves so as to avoid, or lessen, the risks of being found not compliant. It's about the company's economic sake, less so the users'," Acquisti said.

Companies have done this by making the privacy policies and the terms of service easier to understand and more transparent. Changing the way the platforms or companies use data on a country-by-country basis would be difficult, so the new law in Europe has, in turn, positively benefited those in the U.S.

person looking at phone
A woman looks at social networking applications Facebook, Instagram, Snapchat, Whatsapp, Twitter, Messenger and LinkedIn on a smartphone, in Kuala Lumpur, on March 22. Many social networks have issued new privacy policies in preparation for a new law in Europe. Manan Vatsyayana/Getty Images

LinkedIn explicitly mentioned the legislation in a company blog post about the new terms of service it issues to users. The company made it clear to users that "many of these changes are driven by a new European data protection law known as the General Data Protection Regulation (GDPR), which goes into effect in May."

"I think what we're seeing is more disclosure," Kevin Ells, director of marketing for eBlocker, a technology that helps users gain privacy on their home networks, told Newsweek. "What they've done in addition to explaining things, they've made it easier for people to now see what's being shared online," he said.

For example, those who use Facebook or any of its other networks can already access much of the data the company has collected on them, like deleted friends, linked apps, their political views and more. But in complying with the GDPR, Facebook made such information easier to see and download with the recent policy update, and asked users to provide input on changes they wanted to see.

But there's a catch.

"None of this is saying they can't use the data they already have on you," Ells told Newsweek.

The law won't work retroactively for any users, no matter where in the world they are. Anyone who wants data that's previously been collected on them to be deleted needs to take action on their own.

"You can delete the data, so it's up to you to go in and clean up your personal record," Ells explained.

This can come in especially handy for people who use Facebook and linked other apps, or logged into other sites using their Facebook profile. What seems like a convenience at the time actually gives third-party companies a host of rights to not only a user's information but some of the information on their friends on the platform as well.

Users can, however, go into their accounts and unlink those apps.

"It's a pain in the butt, but if you don't, every day you do something you may be sharing everything you do with tens or hundreds of companies," Ells said.

While the new policies sound like they'll benefit users, it's hard to tell how well companies will be able to comply, especially when it comes to erasing data. Despite the new law, and the new policies, companies are still limited by the infrastructures they've built when it comes to data. If a small company suddenly gets flooded with requests to delete user data, that could pose a challenge.

"They just haven't built systems to erase data, they've built systems to catch data," Ells said.