Sub Total
Excluding delivery and voucher code discounts.
Go to basket

Free Delivery on all orders to UK mainland within 3 working days.


Exploring today's technology for tomorrow's possibilities
Why is Everyone Updating Their Privacy Policy

Why is Everyone Updating Their Privacy Policy (and What to Look For)?

Tulie Finley-Moise
You wake up one morning and see a peculiar email from Facebook informing you that they’ve updated their privacy policy - again. You see these “updates to Terms of Use” or “improvements to our privacy policy” titled emails popping into your inbox more and more frequently, so it’s only fair to wonder why everyone is updating their privacy policies so often these days.
The short answer is to protect users like you. As of spring of 2018 the General Data Protection Regulation, or GDPR, requires online service providers to be more transparent with consumers.
Company-to-consumer transparency is one of those things that, as a consumer, you’re generally not worried about until something bad happens. The GDPR overhaul aims to bridge that gap and upgrade the standards on which a user’s information and privacy are handled, whether in crisis or not. Across the globe, companies based out of the United States, European Union, Brazil, Australia, and more have made leaps and bounds toward protecting user privacy on a large-scale.
But what exactly is the General Data Protection Regulation? What is a privacy policy and how are they being updated? How will you be affected? Let’s take these questions one by one so you know more about privacy policies and their effect on you as a consumer.

What is a privacy policy?

At its core, a privacy policy is a document that details the many methods an organization plans to employ to protect consumer, client, or employee information within its independent operations. So when you sign up for Facebook, you’ll see a long document of small print text that explains the type of information they collect, how they use your plugged-in information, and how they share that information.
Most websites and service providers will make their privacy policy easily accessible to users and visitors. This ensures that users understand exactly what kind of information is being stored and what the site intends to do with that stored information. So unless you’re taking the time to scroll through and read the ins and outs of a privacy document, you’re likely signing off to a number of privacy agreements you’re completely unaware of.
In fact, a 2017 Deloitte survey found that 91% of Americans consent to legal terms, privacy policies, and terms of use without reading them [1]. Results from the 18-34 age range were even more alarming; a shocking 97% of young users accept terms and conditions before reading.
Bottom line is that privacy policies dictate a company’s precise intentions with your confidential information. Today’s technology and online services utilize so much of our personal information to make a number of decisions we don’t even know about. It’s the privacy policy’s job to reveal the background noise you probably scrolled through without fully understanding or reading.

What is the General Data Protection Regulation?

Back in 2016, the European Parliament passed legislation to provide citizens with more control over their personal information and data. This legislation also required companies to safeguard the confidential data and privacy of European Union citizens for EU-based transactions.
The GDPR gave companies and organizations two years to adjust their privacy policies to comply with the legislative terms. Full implementation went into effect on May 25, 2018, which is likely the answer to why you received so many privacy policy updates around that time.
Among the many changes brought on by the GDPR, there are five that truly changed the face of how companies and organizations handle user information.
1. Breach notification
2. Right to access
3. Privacy by design
4. Data portability
5. Right to be forgotten
These are all changes that better protect you. So, how does the GDPR work for you? Let’s break it down:
1. Breach notification: Article 33 of the General Data Protection details that an organization is required to report a data breach to an appropriate supervisory authority within 72 hours of becoming aware of it [2]. This process requires data controllers and supervisory authorities to determine the impacted individuals of the breach, and what specific information may have been compromised.
If the company is dealing with a large-scale, high-risk data breach that puts user financial, identity, or other sensitive data at risk, they are required to notify affected individuals. They are also obligated to be clear and comprehensive when communicating an active situation with users. In fact, some countries require that proof of communication be provided to the data protection authority to ensure proper information is being disclosed.
2. Right to access: It’s hard to believe that this wasn’t stated within legislation before, but Article 15 of the GDPR officially states that users “shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data” [3].
As per Article 15, users have the right to access the following:
  • The purpose of the processing
  • The categories of the specific personal data
  • The right to file a complaint with a supervisory authority
  • The envisioned period of time in which the data will be stored
  • The existence of automated decision-making and profiling
  • The right to request rectification or erasure of personal data from the controller
3. Data protection by design and by default: Article 25 of the GDPR states that controllers responsible for application or website creation are required to prioritize user information protection [4]. This mandates that user privacy and security be at the helm of the creation process, not a mere afterthought.
4. Data portability: Though data portability is a more complex concept, it’s an important one that gives users access to data concerning him or her provided by a controller through a structured, commonly used, and machine-readable format. Article 20 also permits users to transfer personal data from one controller to another [5].
5. Right to be forgotten: Think back to your earlier internet days where you thought posting embarrassing pictures or making less-than-savory email accounts was acceptable. In your adulthood, there’s nothing you want more than to make those nightmarish photos and accounts disappear.
Luckily the GDPR introduced a new right allowing individuals to have personal information permanently erased. Also known as the right to erasure, this right is not an absolute and is only applicable under certain circumstances.

Who does the GDPR affect?

You’re probably wondering how a European Union regulation can possibly affect you when you live on outside soil. But if you’re a Google, Facebook, Twitter, or Instagram user, the GDPR has already taken effect in your life.
The Right to Access provision [6] within the GDPR mandates that each listed company and all others in compliance must provide a record of all the collected data on you provided that you request it. In the case that you want or need a copy of all of that information, it is no longer inaccessible. In essence, the GDPR gives the average user far more privacy protection freedoms than in the past.
In the larger scheme of things, the GDPR most significantly affects businesses with online services. Since the 2016 passing of the GDPR, businesses were allotted 2 years to get their privacy and security policies in perfect alignment with the GDPR’s requirements. Falling below the GDPR compliance standard results in a hefty penalty; either 4% of the company’s annual global turnover, or a $26,421,980 fine (whichever is greater).

What should I look for within privacy policy updates?

Across the board, the GDPR has lent itself to requiring companies and organizations to holding themselves to high standards when it comes to handling confidential user information. Though you may have felt a little annoyed to see your inbox filled with policy update emails, it’s the simple notification that already points the needle in the right direction.
Take Facebook for example: with over 2.32 billion users worldwide, the social media giant is home to one of the largest hubs of user information. From sharing your date of birth to photos from high school, the average Facebook user has absolutely no problem sharing their lives on the social media site. Though the focus is ultimately on sharing those moments with close friends and family, users often overlook the fact that Facebook also uses your information for other applications.
In perhaps the largest data leak the social networking site has ever seen, Facebook’s Cambridge Analytica ordeal prompted millions to revisit how much they put out onto the internet. In an attempt to rectify the situation and comply with the GDPR, Facebook made a number of changes and updates to their privacy policy - setting the stage for what to look for in revisited policies.

How information is collected and shared

When you sign up for Facebook, you’re asked to provide your name, gender, date of birth, email, and mobile phone number. This data alone can help Facebook better understand who you are, and what you will likely want to see. However, your online behavior is also tracked by Facebook.
Once you’re all signed up and logged in, Facebook will then collect and store data pertaining to:
  • Additional personal information such as hometown, maiden name, current city, employment, political groups, alumni associations, main names, school, and other linked social networks.
  • Every IP address that you use to log in to your account
  • A complete activity log documenting “a list of your posts and activity, from today back to the very beginning. You’ll also see stories and photos you’ve been tagged in, as well as the connections you’ve made - like when you liked a Page or added someone as a friend.”
  • All third-party applications that you intentionally or unintentionally link to your Facebook account. This includes everything from Uber, Airbnb, Candy Crush, Spotify, and more.
  • All connected devices that you have used to access your Facebook account. This could be your smartwatch, smartphone, computer, tablet, or virtual assistants.
In essence, Facebook wants to understand exactly who you are, and uses a number of telling resources to collect the information needed to build and strengthen your profile.
When it comes to sharing your information, Facebook plainly states in their privacy policy that they “will never sell your information to anyone” and that they “have a responsibility to keep people’s information safe and secure.” According to their privacy policy, they share your information with the following audiences [7]:
  • Partners who use their analytics services
  • Advertisers
  • Partners offering food and services within Facebook
  • Researchers and academics
  • Measurement partners
  • Law enforcement or legal requests
  • People and accounts you choose to share and communicate with
  • Third-party apps and websites that have Facebook integration

Giving users control over advertising

Before the GDPR, Facebook used any and all information provided to generate targeted ads. Since 2018, Facebook will now prompt users with an option to enable or disable targeted ads based on political, religious, and relationship information you provide. Though you won't be able to completely rid your timeline of advertisements, you’ll be able to modify what information is used to target you.

Company transparency

In an effort to boost their company transparency, Facebook has made their data and privacy policy easily accessible and readable for all users. They have also introduced privacy shortcut features that remove the many confusing hoops you used to jump through in order to modify or delete your information.

Bottom line

Across the board, when looking into newly updated privacy policies, be sure to assess them for those three key features that should be thoroughly detailed:
  • How they collect your data
  • How they use your data, particularly for advertising
  • How transparent they are about your data
The GDPR was created to keep users like you informed and protected against corporate user information exploitation.
The future of online servicer privacy policies is one worth keeping an eye on. The day the GDPR went into effect, a number of U.S. news sites went down due to policy violations [8]. This included high-profile sites such as the Chicago Tribune, the LA Times, the New York Daily News, and more.
The ambiguity surrounding the scope of the GDPR has been a cause for controversy and a definite roadblock for understanding what the future of the GDPR will look like. While it is an EU-based policy, online service providers based outside the EU who offer their services to EU users are forced to comply if they intend to keep their international reach.
Tackling internet privacy is a large task, but experts all agree that it is one that should be taken seriously. And as long as the internet exists, data will too. It’s a simple matter of regulation and enforcement that will shape how we share our information on the world wide web in the future.
[2] PrivazyPlan; Article 33 EU GDPR
[3] PrivazyPlan; Article 15 EU GDPR
[4] PrivazyPlan; Article 25 EU GDPR
[5] PrivazyPlan; Article 20 EU GDPR
[6] Privacy Europe; Right of Access
[7] Facebook; Data Policy
About the Author: Tulie Finley-Moise is a contributing writer for HP® Tech Takes. Tulie is a digital content creation specialist based in San Diego, California with a passion for the latest tech and digital media news.

Disclosure: Our site may get a share of revenue from the sale of the products featured on this page.

More about these products

Prices, specifications, availability and terms of offers may change without notice. Price protection, price matching or price guarantees do not apply to Intra-day, Daily Deals or limited-time promotions. Quantity limits may apply to orders, including orders for discounted and promotional items. Despite our best efforts, a small number of items may contain pricing, typography, or photography errors. Correct prices and promotions are validated at the time your order is placed. These terms apply only to products sold by; reseller offers may vary. Items sold by are not for immediate resale. Orders that do not comply with terms, conditions, and limitations may be cancelled. Contract and volume customers not eligible.

HP’s MSRP is subject to discount. HP’s MSRP price is shown as either a stand-alone price or as a strike-through price with a discounted or promotional price also listed. Discounted or promotional pricing is indicated by the presence of an additional higher MSRP strike-through price

The following applies to HP systems with Intel 6th Gen and other future-generation processors on systems shipping with Windows 7, Windows 8, Windows 8.1 or Windows 10 Pro systems downgraded to Windows 7 Professional, Windows 8 Pro, or Windows 8.1: This version of Windows running with the processor or chipsets used in this system has limited support from Microsoft. For more information about Microsoft’s support, please see Microsoft’s Support Lifecycle FAQ at

Ultrabook, Celeron, Celeron Inside, Core Inside, Intel, Intel Logo, Intel Atom, Intel Atom Inside, Intel Core, Intel Inside, Intel Inside Logo, Intel vPro, Itanium, Itanium Inside, Pentium, Pentium Inside, vPro Inside, Xeon, Xeon Phi, Xeon Inside, and Intel Optane are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

In-home warranty is available only on select customizable HP desktop PCs. Need for in-home service is determined by HP support representative. Customer may be required to run system self-test programs or correct reported faults by following advice given over phone. On-site services provided only if issue can't be corrected remotely. Service not available holidays and weekends.

HP will transfer your name and address information, IP address, products ordered and associated costs and other personal information related to processing your application to Bill Me Later®. Bill Me Later will use that data under its privacy policy.

Microsoft Windows 10: Not all features are available in all editions or versions of Windows 10. Systems may require upgraded and/or separately purchased hardware, drivers, software or BIOS update to take full advantage of Windows 10 functionality. Windows 10 is automatically updated, which is always enabled. ISP fees may apply and additional requirements may apply over time for updates. See

“Best All In One Printer” and “the easiest printer you’ve ever had to set up” from Wirecutter. ©2020 The Wirecutter, Inc.. All rights reserved. Used under license.

Get Marvel’s Avengers when you purchase HP gaming PCs with qualifying 9th gen or 10th gen Intel® Core™ i5, i7 and i9 processors. Redemption code will be sent out by email within 60 days of purchase. Limited quantities and while supply lasts. Offer valid thru 12/31/2020 only while supplies last. We reserve the right to replace titles in the offer for ones of equal or greater value. Certain titles may not be available to all consumers because of age restrictions. The Offer may be changed, cancelled, or suspended at any time, for any reason, without notice, at Intel’s reasonable discretion if its fairness or integrity affected whether due to human or technical error. The Offer sponsor is Intel Corporation, 2200 Mission College Blvd., Santa Clara, CA 95054, USA. To participate you must create an Intel Digital Hub Account, purchase a qualifying product during the redemption period, enter a valid Master Key, and respond to a brief survey. Information you submit is collected, stored, processed, and used on servers in the USA. For more information on offer details, eligibility, restrictions, and our privacy policy, visit

© 2020 MARVEL. © Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries. Other names and brands may be claimed as the property of others.

The personal information you provide will be used according to the HP Privacy Statement (