Unroll.me Illustrates GDPR’s Challenges to Tech Firms

As a consumer tool, unroll.me was a hit for quite some time (before one giant blunder). It helped manage email queues to filter signal from noise. But moving forward, it will no longer service users in the EU because of General Data Protection Regulation (GDPR); this is arguably the company’s biggest mistake to-date.

In broadest scope, unroll.me made two blunders that are really one massive issue. The first was the revelation that it sold user data without explicit consent, specifically to Uber. The ride-sharing giant purchased data from unroll.me’s parent company, Slice Technologies, to know who was using Lyft.

The practice was shocking, but not altogether surprising. The very nature of unroll.me was to peer into your email inbox to see what types of email you were receiving. From there, it allowed you to opt-out from spam, or roll up non-essential email into a weekly delivery newsletter. As a tool, it’s brilliant.

But clever doesn’t cut it in 2018, especially where GDPR is concerned. With the new law, control of personal data is being returned to citizens and netizens of the EU. Although Slice Technologies is located in San Mateo, California, any company that does business with EU citizens falls under the law’s umbrella.

GDPR will force companies to engage in a cumbersome process of re-opting-in all users. For a company like Slice, it would need to re-engage users directly to let them know what it did with data, and how it treated personal information. Users would have to make the active choice to start fresh with Slice.

But rather than go through this, Slice picked up anchor in the EU. In a statement, Slice had the following to say about unroll.me:

“The EU is implementing new data privacy rules, known as General Data Protection Regulation (GDPR). Unfortunately, our service is intended to serve users in the U.S. Because it was not designed to comply with all GDPR requirements, Unroll.Me will not be available to EU residents. This means we may not serve users we believe are residents of the EU, and we must delete any EU user accounts by May 24. We are truly sorry that we are unable to offer our service to you.”

If you’re looking for the TL;DR version of that statement, it’s simple: Slice sees its users as the product. The company is saying it can only exist where it can obfuscate what it does with information surreptitiously gathered about users. The EU has made that impossible; the United States hasn’t caught up.

We probably shouldn’t be surprised, though. In the wake of its issues surrounding the selling of data to Uber, a co-founder of unroll.me (who is no longer affiliated with the company; it seems she left during the acquisition by Slice) went on a bit of a tirade. Perri Chase asserts users who didn’t know unroll.me was grabbing user data were (or are) “living under a rock.”

It’s a blunt assessment, but indicative of how Slice and unroll.me consider users. Thankfully, new laws in the EU have turned some rocks over so everyone can see what companies are doing in plain sight.

Of course, Slice had a better option than taking its ball and going home: it could have embraced honesty and transparency. Had unroll.me been up-front about its plans for data, or simply made an effort to comply with GDPR more closely, users would have re-engaged. Yes, perhaps they wouldn’t have engaged at the level they once did, but this move suggests users simply aren’t worth the effort for them.

Related Posts

Post a Comment

Your email address will not be published.