Ever since the EU’s new General Data Privacy Regulation (GDPR) came into effect, GDPR Hall of Shame has named and shamed many companies. It’s a website dedicated to the greatest GDPR blunders to date, and its pages feature hilarious mistakes aplenty.
Ghostery takes the cake for the biggest GDPR email blunder. The error showcases just how quickly even the best of firms can completely screw up while trying to comply with GDPR.
Ghostery is a privacy-centric browser extension that monitors for trackers while users visit sites using their browser. Digital privacy advocates generally appreciate it. But, in this instance, Ghostery shot itself in the foot, landing it in GDPR hot water.
The embarrassing error was not the email itself, but the carbon copy of over 500 users’ email addresses into each instance of the email. The email itself was completely safe: “We at Ghostery hold ourselves to a high standard when it comes to users’ privacy, and have implemented measures to reinforce security and ensure compliance with all aspects of this new legislation.”
The outcome? Each Ghostery user was provided with 499 fellow users’ email addresses, private information that is now classified as “personal data” by the EU’s new GDPR legislation.
Ghostery users took to Twitter to complain about the howler. A user with the Twitter handle @andrewrstine sarcastically commented:
Another user, @sebastianwaters, tweeted in disbelief:
“Wtf, did @Ghostery really just send out their #GDPR email with users’ email address visible to everyone?! #GDPRfail”.
Following public outcry, Ghostery published a blog post apologizing for its horrible mistake.
So, what was the reason behind the error in judgment?
According to the firm, it recently decided to “stop using a third-party email automation platform”. The idea was to “be more secure” by managing “user account emails in our system, so we could fully monitor and control data practices surrounding them.”
Users Forgiving Too Easily?
Luckily for Ghostery, it seems like most users accepted the apology. Gizmodo revealed that most of the Ghostery users it contacted said they would continue to use the anti-tracking extension. Unfortunately, for some, it is a sign that the firm is not adequately equipped to protect their data.
All in all, one has to be critical of Ghostery, especially as there are better anti-tracking tools on the market, such as the Electronic Frontier Foundation’s Privacy Badger.
In compliance with GDPR, Ghostery will need to report the data leak to the European Commission.