(Censored addresses are financial correspondences.)May 26, 2018 Tags: workflow
This post is at least a year old.
I’ve seen a few people on Twitter mention the massive number of GDPR emails they’ve received, so I figured I would take a moment to analyze mine.
Some quick background:
To collect all of my GDPR-related emails, I turned to
the fantastic imapfilter. I had already set it up
with a cron timer for routine management of my email, so adding a new rule was straightforward.
In ~/.imapfilter/config.lua:
1
2
3
4
messages = yossarian["INBOX"]:contain_message("GDPR")
+ yossarian["INBOX"]:contain_message("General Data Protection Regulation")
+ terpmail["INBOX"]:contain_message("GDPR")
+ terpmail["INBOX"]:contain_message("General Data Protection Regulation")
For those not familiar with imapfilter, this rule:
yossarian) containing “GDPR”…terpmail) containing “GDPR”…I could have done that a bit more cleanly with a loop (imapfilter’s config is just a Lua script),
but ¯\_(ツ)_/¯
The result:
1
2
3
4
$ imapfilter
imapfilter: IMAP (4): 1019 NO [TRYCREATE] No folder GDPR (Failure)
21 messages copied from william@yossarian.net@imap.gmail.com/INBOX to william@yossarian.net@imap.gmail.com/GDPR.
4 messages copied from woodrufw@terpmail.umd.edu@imap.gmail.com/INBOX to william@yossarian.net@imap.gmail.com/GDPR.
(The TRYCREATE there is just imapfilter seeing that the folder didn’t already exist,
and creating it for me).
So, 25 messages in my inboxes contained “GDPR” in their either their bodies or their envelopes.
To make sure I hadn’t missed anything that had been already removed by other filters (including spam filters), I also manually checked my other folders on both accounts for GDPR notices. From this search I found an additional six messages, for a total of 311.
The results:
(Censored addresses are financial correspondences.)
The first email I received to even mention GDPR came from Amazon on 3/19, and was an advertisement for online tech talks.
The first emails to actually notify me of a GDPR-related privacy policy change came three days after that, on 3/22, from Slack. Slack’s team appears to have de-duplicated their GDPR email traffic — I only received one email per unique address, instead of one email per Slack group membership.
After that, the notices tricked in for about two months. Twitter sent four of five on 4/25, and the fifth on 5/4. Google sent me two notifications, concerning unused analytics accounts, spaced two weeks apart. Two Homebrew emails were also caught up in the filter, as we added a mention of the Google Analytics retention period to our documentation.
After the trickle came a flood on the last four days: I got nearly as many emails (14) between 5/22 and 5/25 as the two months prior (17, 14 of which were actual notices). The latest one was from Steam at 11:17PM EST, which is already a few hours past the deadline (assuming GMT).
Of all of the notices, a few were delivered to interesting addresses: one was delivered to a high school address that I must have set to forward years ago, and another was delivered to a Gmail address that I had used to originally sign up for GitHub (and then promptly forgot about).
Overall, I was a little underwhelmed by the number of GDPR notices I received — I expected many more, given the number of accounts I have. I have three decent hypotheses for these results:
imapfilter search was too conservative, and I missed a large number of notices.The second hypothesis is challenged by the results of my manual search: the only non-matching emails I found were the Twitter ones, and I added those by hand. As such, I’m inclined to think that either (1) or (3) (or both!) is the case. The former would be reassuring, and the latter would be a little annoying.
Thanks for reading!
Included in that six were five from Twitter (mostly for old bot accounts), none of which contained either “GDPR” or “General Data Protection Regulation.” ↩