Email Privacy 📮

In honor of last weekend's Data Privacy Day, I wanted to share some thoughts about a topic that has been very dear to me for a couple of years now.

A recent event made me think about email privacy again. An event, that caused a very emotional response in me. I was just browsing through my inbox. In have a folder there, where I collect all personal email. All of a sudden, a clearly impersonal email ended up in said folder. You know what kind of email I'm talking about. A marketing email.

At that moment, I got upset. Why would anyone have the impudence to send a marketing email to my personal email address? How could anyone in the depths of the internet know my personal email address in the first place? Careful that I am, I had never entered it into a web form. Another curious thing about that email was that I had never heard of the service that was being advertised.

So I sent their privacy team a nasty email. I explained how I had no earthly idea how their email landed in my inbox, I mentioned the GDPR and my rights as a European citizen and wondered how they got my data. I was surprised to receive a very friendly response from someone named "Julie" that asked for my apologies. She said that apparently I registered for their product's waiting list a few years ago. And yet, I did not find any proof of that.

How could this have happened?

Your email address is your online identity

It's fair to say that everyone online has an email address. It's part of this game called "the internet". And when we play this particular game, our email address acts as a way to identify ourselves. No matter if we shop online, create online accounts or respond to customer feedback forms, we all need one.

You might use it to log in to your favorite social media platform. You might also use it to log in to your favorite streaming service. And how about your favorite productivity app? Don't you use the same email address there too?

Long ago, the only purpose of an email address was to communicate on the internet. Today, online services use it as an identifier so that you can log in. That would be fine, if the internet was only used by good-natured people.

You leave a trail on the internet. There are services where entering your email address gives a list of all online accounts associated with it. With just this piece of information, people with bad intentions could find out so much about you. They could come up with a whole online profile of you and discover other personal information like your name, your address or what you look like.

It's also possible that your email address has been involved in a data breach. In this case, it would be bad if you used the same address for other services. Even worse, if you used the same password for these other services.

Your email address is sensitive personal information that needs to be protected.

Personal versus transactional & marketing emails

Since an email address is nowadays required to gain access to a multitude of services, its role as a tool changed over the past decades.

These days, a lot of emails in the private area tend to be transactional (account sign-ups, password resets, newsletter subscriptions) or marketing emails. A lot of email communication is not between you and people, but rather between you and software.

For that reason, humanity invented email aliases. I used to have one email address for practically anything. Today, I use a personal email address for personal matters and created email aliases for my several online accounts.

This way, I can clearly separate between personal email and transactional or marketing emails.

Double opt-in

At this point of my story you might understand the anger I felt when I received the marketing email in question. I told the nice lady, that I don't remember a double opt-in happening. A double opt-in, to say the least, is pure privacy bliss.

Without the magic of the double opt-in, if I had your email address, I could just run around the internet and sign you up for all kinds of newsletter services, online accounts, etc. To better protect user privacy, the GDPR defined in its article 7 that online services are required to obtain consent before they can process personal data. In practice, this means that you have to confirm your email address after you used it in a web form.

I get very emotional when my email address ends up in a marketing campaign I have never consented to. Especially when it is so unclear how they got my consent in the first place. If the internet respected double opt-ins in order to sign up for anything, it would be a better place.

"I don't care if they have my data"

I'm sorry, but I'm sick of people saying that and yet it appears to be such a common theme. If you are among these people, please think again.

Do you care if companies can tell your age, your ethnicity, where you live, what you are interested in, your political ideology, what you do online and so much more for the sole intent of maximum profit? For god's sake, if that isn't surveillance then what is? This isn't even an exaggeration. There actually is such as a thing as surveillance capitalism, and it's fucking scary.

Personal privacy is a choice. There are tons of things you can do in order to protect it.

Today, you could start with taking email privacy into your hands:

• You could unsubscribe from marketing emails that annoy you.
• You could delete online accounts you have no more use for.
• You could google your name and see if you found your email address in that way.
• You could even start all over and create email aliases: one for personal mail, another for account-related mail.
• You could write nasty emails to companies when you feel like they hurt your privacy rights. 😡

If you're crazy enough you could even categorize online accounts and use one account-related alias for social media, another for shopping, yet another for travelling and so on. If that sounds too fancy for you, tools like Firefox Relay or Apple's Hide My Email can help you get started.

Don't just accept that this is the way things are these days. Don't just succumb to the "I don't care if they have my data" attitude. You do have a choice. All it takes is you giving a shit. ✌️